General

  • Target

    0x000900000001230a-104.dat

  • Size

    173KB

  • Sample

    230612-rzkwrace84

  • MD5

    cf87fa61e681985631c433502e20c7e2

  • SHA1

    1a55061a5ab84088b81367cb8e814be9de8e257c

  • SHA256

    e70649f8d9a39e9a2aed8fb07f69abbc571462a6923f1def295846591949179d

  • SHA512

    e436ba7c25016164ceb5a215531628a048413260c571446a0b8301d04c3c62fad3a7e1625172fbccfe5598a91c3d2b12fa22959d8a287f5e6091999b26805ada

  • SSDEEP

    3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn

Malware Config

Extracted

Family

redline

Botnet

doro

C2

83.97.73.129:19068

Attributes

  • auth_value

    03f411441fb3fa233179c2cc8ffbce27

Targets

    • Target

      0x000900000001230a-104.dat

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             | Technique              | Count | ID
  -------------------|------------------------|-------|------
  Credential Access  | Credentials in Files   | 2     | T1081
  Discovery          | Query Registry         | 1     | T1012
  Collection         | Data from Local System | 2     | T1005

Tasks