redline | 47929d9a25c4a00903e993e847e118b3cd7a6847affad0281d5aad987b1f3224 | Triage

Sharing

General

Target

47929d9a25c4a00903e993e847e118b3cd7a6847affad0281d5aad987b1f3224
Size

327KB
Sample

220211-dd53xabfdm
MD5

449a294ba12cc33b95b954a6e5a6f939
SHA1

c6926f1efb0e953036ee896e2d5bd7be553589db
SHA256

47929d9a25c4a00903e993e847e118b3cd7a6847affad0281d5aad987b1f3224
SHA512

4c02558b189abb14ba05fdd2ce7658459de0833d2b1576662c03dc8ffd1b5feace7c4f4c922c8c2cfdd0764838200b9ad596513e00d67ebb8bd38fcd9e4de8ea

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  47929d9a25c4a00903e993e847e118b3cd7a6847affad0281d5aad987b1f3224
- Size
  
  327KB
- MD5
  
  449a294ba12cc33b95b954a6e5a6f939
- SHA1
  
  c6926f1efb0e953036ee896e2d5bd7be553589db
- SHA256
  
  47929d9a25c4a00903e993e847e118b3cd7a6847affad0281d5aad987b1f3224
- SHA512
  
  4c02558b189abb14ba05fdd2ce7658459de0833d2b1576662c03dc8ffd1b5feace7c4f4c922c8c2cfdd0764838200b9ad596513e00d67ebb8bd38fcd9e4de8ea
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer