redline | f78043064f0e16aea6e873598fe50a94361c399c3dc970400d158c7cf9b24120 | Triage

Sharing

General

Target

f78043064f0e16aea6e873598fe50a94361c399c3dc970400d158c7cf9b24120
Size

375KB
Sample

220210-xp7wesagcm
MD5

288ddef9619ae09941218195a684616c
SHA1

4dc7d8f1121f0d9a29b3d600db342804c8dc89bb
SHA256

f78043064f0e16aea6e873598fe50a94361c399c3dc970400d158c7cf9b24120
SHA512

d472fcbc80ca8198d55f342b5130443c7f9e9e0105d4bf6a927ad2bec0da09317093160e2a64481cde175b60aa22b04ee9c4040e3d06263689dec758768637e5

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  f78043064f0e16aea6e873598fe50a94361c399c3dc970400d158c7cf9b24120
- Size
  
  375KB
- MD5
  
  288ddef9619ae09941218195a684616c
- SHA1
  
  4dc7d8f1121f0d9a29b3d600db342804c8dc89bb
- SHA256
  
  f78043064f0e16aea6e873598fe50a94361c399c3dc970400d158c7cf9b24120
- SHA512
  
  d472fcbc80ca8198d55f342b5130443c7f9e9e0105d4bf6a927ad2bec0da09317093160e2a64481cde175b60aa22b04ee9c4040e3d06263689dec758768637e5
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer