Overview

overview

10

Static

static

10

0x00090000...04.exe

windows7-x64

10

0x00090000...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x000900000001230a-104.dat

  • Size

    173KB

  • Sample

    230612-rzkwrace84

  • MD5

    cf87fa61e681985631c433502e20c7e2

  • SHA1

    1a55061a5ab84088b81367cb8e814be9de8e257c

  • SHA256

    e70649f8d9a39e9a2aed8fb07f69abbc571462a6923f1def295846591949179d

  • SHA512

    e436ba7c25016164ceb5a215531628a048413260c571446a0b8301d04c3c62fad3a7e1625172fbccfe5598a91c3d2b12fa22959d8a287f5e6091999b26805ada

  • SSDEEP

    3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn

Score
10/10
redlinedorodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

doro

C2

83.97.73.129:19068

Attributes
  • auth_value

    03f411441fb3fa233179c2cc8ffbce27

Targets

    • Target

      0x000900000001230a-104.dat

    • Size

      173KB

    • MD5

      cf87fa61e681985631c433502e20c7e2

    • SHA1

      1a55061a5ab84088b81367cb8e814be9de8e257c

    • SHA256

      e70649f8d9a39e9a2aed8fb07f69abbc571462a6923f1def295846591949179d

    • SHA512

      e436ba7c25016164ceb5a215531628a048413260c571446a0b8301d04c3c62fad3a7e1625172fbccfe5598a91c3d2b12fa22959d8a287f5e6091999b26805ada

    • SSDEEP

      3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn

    Score
    10/10
    redlinedorodiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks