General

  • Target: 33428f64c915dd2da0aab2d7214f77a5f9f4f79f26d958fd573758f05e295c4b
  • Size: 462KB
  • Sample: 220128-zb3ewsdce2
  • MD5: 85a7ab07e4ff71a760233acd26c9f733
  • SHA1: 872ce1c9f97c177558f325a6514b7adc03a603a9
  • SHA256: 33428f64c915dd2da0aab2d7214f77a5f9f4f79f26d958fd573758f05e295c4b
  • SHA512: 9dfce628f775c4f5efc8e6ce1981d496a8daa79bb778e4080e2a176c915a3db99cf93ad9495b1874c4b8a2538ed3f5c03af73ed075d9cc2fa2c7baa0626ca439

Malware Config

Extracted

  • Family: redline
  • Botnet: ruzkiKAKOYTO
  • C2: 185.215.113.29:20819

Targets

    • Target: 33428f64c915dd2da0aab2d7214f77a5f9f4f79f26d958fd573758f05e295c4b
    • Size: 462KB
    • MD5: 85a7ab07e4ff71a760233acd26c9f733
    • SHA1: 872ce1c9f97c177558f325a6514b7adc03a603a9
    • SHA256: 33428f64c915dd2da0aab2d7214f77a5f9f4f79f26d958fd573758f05e295c4b
    • SHA512: 9dfce628f775c4f5efc8e6ce1981d496a8daa79bb778e4080e2a176c915a3db99cf93ad9495b1874c4b8a2538ed3f5c03af73ed075d9cc2fa2c7baa0626ca439

    • RedLine: RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020. The extracted configuration above identifies this sample as RedLine with the botnet tag ruzkiKAKOYTO and a single C2 endpoint, 185.215.113.29:20819.
    • RedLine Payload: the RedLine stealer payload itself was identified in the sample.
    • Reads user/profile data of web browsers: infostealers such as RedLine harvest stored browser data from the user's browser profile directories, which can include saved credentials, cookies and autofill entries.
    • Checks installed software on the system: enumerates installed programs by reading the Uninstall key entries in the registry (the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node equivalent on 64-bit Windows), which stealers collect as host fingerprint data alongside the stolen credentials.
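The extracted config and file hashes above are the indicators an analyst would pivot on. The following is an added example, not the sandbox's own code, that parses the C2 line into host and port, sweeps constructed Zeek conn.log (JSON) records and Sysmon Event ID 1 Hashes fields for the C2 endpoint and the sample's digests, and emits a Suricata rule for the C2. The log lines, uids, the benign IP and the rule sid are all constructed for the example; the indicator values are taken from the report.

```python
"""IOC handling for the RedLine report above.  Added example, not the
sandbox's own code; the log records below are constructed to exercise it."""
from __future__ import annotations

import ipaddress
import json

# Indicators copied from the report above.
SAMPLE_SHA256 = "33428f64c915dd2da0aab2d7214f77a5f9f4f79f26d958fd573758f05e295c4b"
SAMPLE_MD5 = "85a7ab07e4ff71a760233acd26c9f733"
C2_SPEC = "185.215.113.29:20819"
BOTNET = "ruzkiKAKOYTO"


def parse_c2(spec: str) -> tuple[str, int]:
    """Split 'host:port' from the extracted config.  Rejecting junk here
    stops a malformed config line from becoming a rule that matches nothing."""
    host, sep, port = spec.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 spec {spec!r}")
    ipaddress.ip_address(host)          # raises ValueError for non-IP hosts
    port_n = int(port)                  # raises ValueError for non-numeric port
    if not 0 < port_n < 65536:
        raise ValueError(f"bad port in C2 spec {spec!r}")
    return host, port_n


def is_valid_c2(spec: str) -> bool:
    """True if parse_c2 accepts the spec."""
    try:
        parse_c2(spec)
        return True
    except ValueError:
        return False


# Constructed Zeek conn.log records in JSON form: one benign TLS connection,
# one to the C2 host:port, one to the C2 host on 443 (a weaker signal).
ZEEK_CONN = [
    '{"ts":1643363900.1,"uid":"C1","id.orig_h":"10.0.0.5","id.orig_p":51002,'
    '"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","conn_state":"SF"}',
    '{"ts":1643363901.4,"uid":"C2","id.orig_h":"10.0.0.5","id.orig_p":51003,'
    '"id.resp_h":"185.215.113.29","id.resp_p":20819,"proto":"tcp","conn_state":"SF"}',
    '{"ts":1643363902.0,"uid":"C3","id.orig_h":"10.0.0.7","id.orig_p":51010,'
    '"id.resp_h":"185.215.113.29","id.resp_p":443,"proto":"tcp","conn_state":"S0"}',
]

# Constructed Sysmon Event ID 1 "Hashes" fields.  Sysmon writes "ALG=HEX"
# pairs joined by commas, in upper-case hex, for the algorithms configured.
SYSMON_HASHES = [
    "SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,"
    "MD5=D41D8CD98F00B204E9800998ECF8427E",
    "MD5=85A7AB07E4FF71A760233ACD26C9F733,"
    "SHA256=33428F64C915DD2DA0AAB2D7214F77A5F9F4F79F26D958FD573758F05E295C4B",
]


def find_c2_connections(lines: list[str], host: str, port: int) -> list[str]:
    """Return the uids of conn.log records whose responder is host:port.
    Matching host AND port keeps the 443 connection to the same IP out of
    the high-confidence list; triage that one separately."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("id.resp_h") == host and rec.get("id.resp_p") == port:
            hits.append(rec["uid"])
    return hits


def find_hash_matches(hash_fields: list[str], sha256: str, md5: str) -> list[int]:
    """Indices of Hashes fields carrying the sample's SHA256 or MD5.
    Case-insensitive because Sysmon logs upper-case hex and the report
    lists lower-case."""
    wanted = {sha256.lower(), md5.lower()}
    matches = []
    for i, field in enumerate(hash_fields):
        digests = {pair.split("=", 1)[1].lower() for pair in field.split(",") if "=" in pair}
        if digests & wanted:
            matches.append(i)
    return matches


def suricata_rule(host: str, port: int, sid: int) -> str:
    """Emit a Suricata rule for outbound traffic to the C2 endpoint.
    The sid is chosen by the deploying team; 9000001 below is a placeholder."""
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine Stealer C2 {host}:{port} botnet {BOTNET}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    host, port = parse_c2(C2_SPEC)
    print("C2 hits:", find_c2_connections(ZEEK_CONN, host, port))
    print("hash hits:", find_hash_matches(SYSMON_HASHES, SAMPLE_SHA256, SAMPLE_MD5))
    print(suricata_rule(host, port, 9000001))
```

Matching on host and port together is deliberate: a stealer's C2 IP is often shared hosting, so traffic to the same address on another port is worth a look but is not the same confidence as the exact endpoint from the config.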

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Count  ID
  Credential Access  Credentials in Files    1      T1081
  Discovery          Query Registry          1      T1012
  Collection         Data from Local System  1      T1005

The IDs above follow ATT&CK v6, which the sandbox used at the time. T1081 has since been deprecated and folded into T1552.001 (Unsecured Credentials: Credentials In Files); T1012 and T1005 are still current. Map accordingly before loading these into a detection or coverage tracker.
