redline

General

Target

Analysis of cochang private key leak event on March 21, 2023.pdf.zip
Size

28.7MB
Sample

230326-g9hh9sfg25
MD5

14590ed407ac3137dfebf6e577738b6f
SHA1

4c57d1fdf4b14bfbfaee2adefe1a186bb48b7fcd
SHA256

8849188015f3e48dff6985bd0b823fb744da1e65e7ac93fed19e370e3af419d3
SHA512

0179b1852e1c0062c906613c0eedb681d345c468d12754efda7b0970ad9441caf5a483f05a48ed3e2f811154491678496936a6304b95f85375c8e057c8ecfe8b
SSDEEP

393216:PdRMyQ5nDRugTM6ZWK4GV+Pws5TttG9/yaxC67GHh6FKLNhvNzkRZO9DXwhT+GbK:PYp1nM6WO+1TOxeMFkNJN40DAhKGbEfH

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

1-2potok

C2

212.113.116.143:29996

Attributes

auth_value
b5701ee96cdcd1581bc7b0c10049e64b

Targets

- Target
  
  Analysis of cochang private key leak event on March 21, 2023.pdf.scr
- Size
  
  29.3MB
- MD5
  
  0995c7e65e37b776d64b283ca1f21489
- SHA1
  
  c5f056d287d852a4c88029f3dd863b27e2a7ec77
- SHA256
  
  adfc6d2b25d8aba59c5b358a1ec69a0d9e79d7636999f6232454397435f035a3
- SHA512
  
  e05ff36f2d5db1a3bbf6583554ddcad5980ac74782e4b2082a5442f9a8b54b54022848d218d0fa96083176aef6cc2671a0c99a34a717d37073d0ed2c3d79f627
- SSDEEP
  
  786432:SjMR4qHLpizyVp/1q1rINsjsq3gazg7ag:0BqHBV1q1rImjsQxPg
Score

10^/10

redline 1-2potok discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2