bf670d42f46a2f21b03c55de4969ba5f.exe

General

Target: bf670d42f46a2f21b03c55de4969ba5f.exe
Size: 444KB
Sample: 220127-bjyvnsdfa2
Score: 10/10
MD5: bf670d42f46a2f21b03c55de4969ba5f
SHA1: 05856df6790d61a38f00d2a4ac029106a9a80a31
SHA256: 4903c0e3ebf61b5b52aec0bd5d7f0dc762d96eee77d9ad078c2c1ac0da6c36ba
SHA512: abc05a21b06da948536cedc1b7b1de5fec405989dcd7577109d86c74f0f87e168528e71268557a51351b93512afcf99cc39802236107b71fea6b5fe9e976dfe3

Malware Config (Extracted)

Family: redline
Botnet: ruzkiKAKOYTO
C2: 185.215.113.29:20819

Targets

Target: bf670d42f46a2f21b03c55de4969ba5f.exe
MD5: bf670d42f46a2f21b03c55de4969ba5f
Filesize: 444KB
Score: 10/10
SHA1: 05856df6790d61a38f00d2a4ac029106a9a80a31
SHA256: 4903c0e3ebf61b5b52aec0bd5d7f0dc762d96eee77d9ad078c2c1ac0da6c36ba
SHA512: abc05a21b06da948536cedc1b7b1de5fec405989dcd7577109d86c74f0f87e168528e71268557a51351b93512afcf99cc39802236107b71fea6b5fe9e976dfe3

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation