Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
1a7b5daf08c7c02955dea00abc5e6da4a9db84c3f83049771bc19bfec42ea0bc
General
Target
Size
Sample
1a7b5daf08c7c02955dea00abc5e6da4a9db84c3f83049771bc19bfec42ea0bc
380KB
220127-erq2ksfeh6
Score
10 /10
MD5
SHA1
SHA256
SHA512
32df123facebb73427bab297315c3373
8f57c8a8283000320283a5d6941ef739677906e6
1a7b5daf08c7c02955dea00abc5e6da4a9db84c3f83049771bc19bfec42ea0bc
05662f495296511e5a7b42198c16f548f30bbb209770ca79ce684801ae74cd96ef440505adc316b139c8a71ac38953710b2519f6d31ee9422e5c5521a44f4051
Malware Config
Extracted
| Family | redline |
| Botnet | ruzkiKAKOYTO |
| C2 |
185.215.113.29:20819 |
Targets
Target
MD5
Filesize
1a7b5daf08c7c02955dea00abc5e6da4a9db84c3f83049771bc19bfec42ea0bc
32df123facebb73427bab297315c3373
380KB
Score
10/10
SHA1
SHA256
SHA512
8f57c8a8283000320283a5d6941ef739677906e6
1a7b5daf08c7c02955dea00abc5e6da4a9db84c3f83049771bc19bfec42ea0bc
05662f495296511e5a7b42198c16f548f30bbb209770ca79ce684801ae74cd96ef440505adc316b139c8a71ac38953710b2519f6d31ee9422e5c5521a44f4051
Tags
Signatures
-
RedLine
-
RedLine Payload
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks