General

  • Target

    774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

  • Size

    381KB

  • Sample

    220127-dyt65sfbc2

  • MD5

    5820dd2f91c612f6ab8d13142d34b1a4

  • SHA1

    a69fd9b0fc8bc61dcd49ff981cc713aeba08938a

  • SHA256

    774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

  • SHA512

    1dc52388cf146754ad51f1064642ca705600a262e876a764626559a20d23f2dfd1960c6272a135a3236eb0809ca7a0f235f99d0436e7dd8fa165cf75c7907064

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Targets

    • Target

      774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

    • Size

      381KB

    • MD5

      5820dd2f91c612f6ab8d13142d34b1a4

    • SHA1

      a69fd9b0fc8bc61dcd49ff981cc713aeba08938a

    • SHA256

      774422ca9a0f8d2584fe7d0552e7c54b695de6d3fd9477347fb98aa2b06c1526

    • SHA512

      1dc52388cf146754ad51f1064642ca705600a262e876a764626559a20d23f2dfd1960c6272a135a3236eb0809ca7a0f235f99d0436e7dd8fa165cf75c7907064

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks