redline | 5bf64a55ffb55f9b31a855762496cbd582f43dcd0fa2c762de35051cd1823dbf | Triage

Sharing

General

Target

5bf64a55ffb55f9b31a855762496cbd582f43dcd0fa2c762de35051cd1823dbf
Size

327KB
Sample

220211-cs9tzahhc2
MD5

605d3e797e6a8490c25fe8729e69f396
SHA1

739a069240c7864d2d1d06117fbaefe342b2abb5
SHA256

5bf64a55ffb55f9b31a855762496cbd582f43dcd0fa2c762de35051cd1823dbf
SHA512

e45a90a83f515151c7701f65a4604062952621e8eeb92eca150e038173913036cf5ba618d84c13ee13d658c9c310e3722fb2a4f8b8d7d1ed8fcd68df7f42b82d

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  5bf64a55ffb55f9b31a855762496cbd582f43dcd0fa2c762de35051cd1823dbf
- Size
  
  327KB
- MD5
  
  605d3e797e6a8490c25fe8729e69f396
- SHA1
  
  739a069240c7864d2d1d06117fbaefe342b2abb5
- SHA256
  
  5bf64a55ffb55f9b31a855762496cbd582f43dcd0fa2c762de35051cd1823dbf
- SHA512
  
  e45a90a83f515151c7701f65a4604062952621e8eeb92eca150e038173913036cf5ba618d84c13ee13d658c9c310e3722fb2a4f8b8d7d1ed8fcd68df7f42b82d
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer