58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10

General

Target: 58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10
Size: 404KB
Sample: 211125-tz6vbsfgcr
Score: 10/10
MD5: 321a79a8f02fc5edb9f7d9820a7a9908
SHA1: fadcf7b810f5660fd695de49dd66868a4cebbd19
SHA256: 58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10
SHA512: 63f8f70f3c53a1423664342666927ee6370724c526bc37e726d6aa6c6edfd94890ee0d029f18d87a0c3ded90876c6238fddde5032de9f1d0823fe4a23fe419e8

Malware Config

Extracted

Family: redline
Botnet: RUZKI
C2: 185.215.113.29:26828
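The extracted configuration gives two kinds of indicator worth sweeping for: the file hashes of the sample and the C2 endpoint 185.215.113.29:26828. The script below is an added example, not code from the sandbox report or from RedLine; it matches those indicators against constructed Zeek-style conn.log lines and constructed EDR file-hash events (all log data below is made up for the demo). An ip:port match is reported at high confidence; a bare IP match is reported at medium confidence, because hosting addresses get reused while the report ties this sample to one specific port.

```python
"""Offline IOC sweep for the RedLine sample described in this report.

Added example, not part of the original report. Indicators are copied from
the report; every log line is constructed for the demo.
"""
import csv
import io
from dataclasses import dataclass

# Indicators taken from the report.
SAMPLE_SHA256 = "58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10"
SAMPLE_MD5 = "321a79a8f02fc5edb9f7d9820a7a9908"
C2_IP = "185.215.113.29"
C2_PORT = 26828

# Constructed Zeek-style conn.log excerpt (tab-separated, simplified header).
CONN_LOG = (
    "ts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state\n"
    "1637851200.1\tCabc1\t10.0.0.5\t51233\t185.215.113.29\t26828\ttcp\tSF\n"
    "1637851201.4\tCabc2\t10.0.0.5\t51234\t142.250.74.78\t443\ttcp\tSF\n"
    "1637851202.9\tCabc3\t10.0.0.7\t51235\t185.215.113.29\t80\ttcp\tS0\n"
)

# Constructed EDR file events (CSV). ws02 carries the hashes of an empty file,
# ws03 carries the sample's SHA256 in upper case to exercise normalisation.
FILE_EVENTS = (
    "host,path,sha256,md5\n"
    "ws01,C:\\Users\\a\\Downloads\\setup.exe,"
    "58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10,"
    "321a79a8f02fc5edb9f7d9820a7a9908\n"
    "ws02,C:\\Windows\\System32\\notepad.exe,"
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,"
    "d41d8cd98f00b204e9800998ecf8427e\n"
    "ws03,C:\\Temp\\x.exe,"
    "58AF05687C427ABF79F665C75B199D24A5A3A0976ECE82D6479015D14EB0BB10,"
    "00000000000000000000000000000000\n"
)


@dataclass(frozen=True)
class Hit:
    source: str      # which log produced the hit
    confidence: str  # "high" (exact indicator) or "medium" (IP only)
    indicator: str   # the indicator value that matched
    context: str     # host / connection details for triage


def sweep_conn_log(text: str, c2_ip: str = C2_IP, c2_port: int = C2_PORT) -> list:
    """Flag connections to the extracted C2 address.

    ip:port is a high-confidence match. A connection to the same IP on
    another port is still reported, but at medium confidence.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        if row["id.resp_h"] != c2_ip:
            continue
        port = int(row["id.resp_p"])
        if port == c2_port:
            hits.append(Hit("conn.log", "high", f"{c2_ip}:{c2_port}",
                            f"{row['id.orig_h']} uid={row['uid']}"))
        else:
            hits.append(Hit("conn.log", "medium", c2_ip,
                            f"{row['id.orig_h']} -> port {port} uid={row['uid']}"))
    return hits


def sweep_file_events(text: str) -> list:
    """Match file hashes against the sample's SHA256 and MD5.

    Hashes are lower-cased before comparison; one hit per event is enough.
    """
    wanted = {SAMPLE_SHA256, SAMPLE_MD5}
    hits = []
    for row in csv.DictReader(io.StringIO(text)):
        for col in ("sha256", "md5"):
            digest = row[col].strip().lower()
            if digest in wanted:
                hits.append(Hit("edr", "high", digest, f"{row['host']} {row['path']}"))
                break
    return hits


def run_sweep() -> list:
    """Run both sweeps over the constructed inputs and return all hits."""
    return sweep_conn_log(CONN_LOG) + sweep_file_events(FILE_EVENTS)


if __name__ == "__main__":
    for hit in run_sweep():
        print(f"[{hit.confidence:6}] {hit.source}: {hit.indicator} ({hit.context})")
```

Swap the constructed strings for real conn.log and EDR exports to use this in practice; the sandbox's static C2 extraction is a point-in-time observation, so the hash indicators age better than the IP and should be weighted accordingly when the sweep runs weeks after the report.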

Signatures

  • RedLine

    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the per-user HKCU path) to enumerate software on the system.

    TTPs: Query Registry (T1012)

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The techniques observed for this sample are the ones listed under Signatures above.