redline | 82091a59f4d10c6fa1bb0e993883890daef376e9600ae8cc6e274f8f3bf96e7e | Triage

Sharing

General

Target

82091a59f4d10c6fa1bb0e993883890daef376e9600ae8cc6e274f8f3bf96e7e
Size

327KB
Sample

220211-g173kabfh5
MD5

403efbe20801cb52554f41baba3dc8cd
SHA1

abc3f6dcf95b89702777e40f8239883343eb759d
SHA256

82091a59f4d10c6fa1bb0e993883890daef376e9600ae8cc6e274f8f3bf96e7e
SHA512

f640b4a5969bc8d82a346c774268084356d552ea7cc579beeffd0c4cb75abca807ee50394b5d4df3ac8dda5ab6881b6f4ec15dbe93819bf7c60e10d71628ff52

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  82091a59f4d10c6fa1bb0e993883890daef376e9600ae8cc6e274f8f3bf96e7e
- Size
  
  327KB
- MD5
  
  403efbe20801cb52554f41baba3dc8cd
- SHA1
  
  abc3f6dcf95b89702777e40f8239883343eb759d
- SHA256
  
  82091a59f4d10c6fa1bb0e993883890daef376e9600ae8cc6e274f8f3bf96e7e
- SHA512
  
  f640b4a5969bc8d82a346c774268084356d552ea7cc579beeffd0c4cb75abca807ee50394b5d4df3ac8dda5ab6881b6f4ec15dbe93819bf7c60e10d71628ff52
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer