2ab48004c9b8194709f7cc30b89750a461845c7ecafc8d3419d44128a995f17f

General
Target

2ab48004c9b8194709f7cc30b89750a461845c7ecafc8d3419d44128a995f17f

Size

467KB

Sample

220128-a9gteadhd5

Score
10 /10
MD5

110dbf1ef8f9b83abbf5ed93d0c51959

SHA1

9989425b4be0d281cbc89ab725710ce117c6533a

SHA256

2ab48004c9b8194709f7cc30b89750a461845c7ecafc8d3419d44128a995f17f

SHA512

d25dd282c0229a87c5f0522aed6b93bd6971e02c45cb9ddea00ec4310126f41e9e82f8160fd22b3505995e6f2bcca550e26767d1bbaecdd3ed39a8b4090666c5

Malware Config

Extracted

Family redline
Botnet ruzkiKAKOYTO
C2

185.215.113.29:20819
Targets
Target

2ab48004c9b8194709f7cc30b89750a461845c7ecafc8d3419d44128a995f17f

MD5

110dbf1ef8f9b83abbf5ed93d0c51959

Filesize

467KB

Score
10/10
SHA1

9989425b4be0d281cbc89ab725710ce117c6533a

SHA256

2ab48004c9b8194709f7cc30b89750a461845c7ecafc8d3419d44128a995f17f

SHA512

d25dd282c0229a87c5f0522aed6b93bd6971e02c45cb9ddea00ec4310126f41e9e82f8160fd22b3505995e6f2bcca550e26767d1bbaecdd3ed39a8b4090666c5

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation