e4e2de1f2cb31a67b7e0209d8144d2a8e72a5ae6182dafdd32aaca99a73d45ec

General
Target

e4e2de1f2cb31a67b7e0209d8144d2a8e72a5ae6182dafdd32aaca99a73d45ec

Size

428KB

Sample

220115-b4f6cscbgm

Score
10 /10
MD5

c50fd05c48e995824aa91c979d071f62

SHA1

f1ce385732e54ed8e8951093548b0c831fcab34d

SHA256

e4e2de1f2cb31a67b7e0209d8144d2a8e72a5ae6182dafdd32aaca99a73d45ec

SHA512

738275bcbdd56e0c1a82b50a7c064b72ea703609420e02523e25632f7953464d16f40e1397b54b19e2c69d7b82640fe1270a30bea0d59b8652c072abfa60be4a

Malware Config

Extracted

Family redline
Botnet RUZKI
C2

185.215.113.29:34865
Targets
Target

e4e2de1f2cb31a67b7e0209d8144d2a8e72a5ae6182dafdd32aaca99a73d45ec

MD5

c50fd05c48e995824aa91c979d071f62

Filesize

428KB

Score
10/10
SHA1

f1ce385732e54ed8e8951093548b0c831fcab34d

SHA256

e4e2de1f2cb31a67b7e0209d8144d2a8e72a5ae6182dafdd32aaca99a73d45ec

SHA512

738275bcbdd56e0c1a82b50a7c064b72ea703609420e02523e25632f7953464d16f40e1397b54b19e2c69d7b82640fe1270a30bea0d59b8652c072abfa60be4a

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks