redline | 2250f0c92708991415b96d6dfdbfadd9151222647c3d8743cd105936fd2f1f2a | Triage

Submit
Reports

Overview

overview

Static

static

1

d28dc0c2a9...8c.exe

windows7-x64

d28dc0c2a9...8c.exe

windows10-2004-x64

Sharing

General

Target

6e7107d8136cb017b0327b95ce833338.bin
Size

271KB
Sample

230326-bvpq5sfa76
MD5

fe36eb7e734cd69b1f7d0f365917c4be
SHA1

896ad213d4a847cc0ba87d0f0160bed4e1ae244b
SHA256

2250f0c92708991415b96d6dfdbfadd9151222647c3d8743cd105936fd2f1f2a
SHA512

ce31c2b4ce50dc9626584fe4c915ade9cea966fd72b64281a958172e94d2ff53956757f2edb2ad2e9209e498bfff91ac46becf5f586a5154ac1204ea1a736ad2
SSDEEP

6144:g5uT7qwKBlEmGU3GpdvKROwxytl2YtOHuq17qGqHaJ/eSG2:BT7VelLGU3UIR5yz2owM0JG2

Score

10^/10

redline dozk discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d28dc0c2a9fa1af27fbe35fe46e0ff84a79b55f11ce99c4a268159a70d104b8c.exe

Resource

win7-20230220-en

redline dozk discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d28dc0c2a9fa1af27fbe35fe46e0ff84a79b55f11ce99c4a268159a70d104b8c.exe

Resource

win10v2004-20230220-en

redline dozk discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes

auth_value
9f1dc4ff242fb8b53742acae0ef96143

Targets

- Target
  
  d28dc0c2a9fa1af27fbe35fe46e0ff84a79b55f11ce99c4a268159a70d104b8c.exe
- Size
  
  383KB
- MD5
  
  6e7107d8136cb017b0327b95ce833338
- SHA1
  
  04e53d8fa6d1bb682ac8f18b6edcedf15979e78b
- SHA256
  
  d28dc0c2a9fa1af27fbe35fe46e0ff84a79b55f11ce99c4a268159a70d104b8c
- SHA512
  
  750fe0375ee13b3fcc5375af4de48dc8e11c05ce21992b16e663914a65bddc56018aba9ad8c1afa336bf37f9d874704d917cb1caea69be945265143d4c59e915
- SSDEEP
  
  6144:Uvz5zYoLBbre+kalykET/Gvsv92HhiNqejdpVva:Sz5zY0BP3jyk9qIeb8
Score

10^/10

redline dozk discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedozkdiscoveryinfostealerspywarestealer

behavioral2

redlinedozkdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy