9082e20b7743984cb2f22a22cf3871e22d8d9c6f33a03fe6d95ea5c1006d4b4e

General
Target

9082e20b7743984cb2f22a22cf3871e22d8d9c6f33a03fe6d95ea5c1006d4b4e

Size

381KB

Sample

220127-cremfaeahq

Score
10 /10
MD5

a8ad152b6a131d69add2461074dfc280

SHA1

e8fb416d84d57981b5808a16913a620e3efc63af

SHA256

9082e20b7743984cb2f22a22cf3871e22d8d9c6f33a03fe6d95ea5c1006d4b4e

SHA512

0fb332d8adddd8d0579fa932f3bf05fee206ba9598c5a952692558d87175172cb540b30fd8cc63011ad2e00a27de431d68b0dce7ca6d1bbb34f023124301000d

Malware Config

Extracted

Family redline
Botnet ruzkiKAKOYTO
C2

185.215.113.29:20819
Targets
Target

9082e20b7743984cb2f22a22cf3871e22d8d9c6f33a03fe6d95ea5c1006d4b4e

MD5

a8ad152b6a131d69add2461074dfc280

Filesize

381KB

Score
10/10
SHA1

e8fb416d84d57981b5808a16913a620e3efc63af

SHA256

9082e20b7743984cb2f22a22cf3871e22d8d9c6f33a03fe6d95ea5c1006d4b4e

SHA512

0fb332d8adddd8d0579fa932f3bf05fee206ba9598c5a952692558d87175172cb540b30fd8cc63011ad2e00a27de431d68b0dce7ca6d1bbb34f023124301000d

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation