774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

General
Target

774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

Size

381KB

Sample

220127-dyt65sfbc2

Score

10/10
MD5

5820dd2f91c612f6ab8d13142d34b1a4

SHA1

a69fd9b0fc8bc61dcd49ff981cc713aeba08938a

SHA256

774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

SHA512

1dc52388cf146754ad51f1064642ca705600a262e876a764626559a20d23f2dfd1960c6272a135a3236eb0809ca7a0f235f99d0436e7dd8fa165cf75c7907064

Malware Config

Extracted

Family redline
Botnet ruzkiKAKOYTO
C2

185.215.113.29:20819

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    TTPs

    Data from Local System
    Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry
