redline | e7a6447dec7f0f70a5878741ba65b207c408b16693de8f27f59102270290cd5f | Triage

Sharing

General

Target

e7a6447dec7f0f70a5878741ba65b207c408b16693de8f27f59102270290cd5f
Size

412KB
Sample

220211-l86lxscec4
MD5

f92533059225dbd7729de591ab79442f
SHA1

b53c524127aa71bc239bacf55dadcb35b34283c1
SHA256

e7a6447dec7f0f70a5878741ba65b207c408b16693de8f27f59102270290cd5f
SHA512

44772c30cbb9fd7ebc2cdd6285efe7f84062a588880b75a1c7d4179058bf69323f6a1d8b23a8eec47feda32b44c59583813104fabae5d61e2c6f4ee4f34ccc02

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  e7a6447dec7f0f70a5878741ba65b207c408b16693de8f27f59102270290cd5f
- Size
  
  412KB
- MD5
  
  f92533059225dbd7729de591ab79442f
- SHA1
  
  b53c524127aa71bc239bacf55dadcb35b34283c1
- SHA256
  
  e7a6447dec7f0f70a5878741ba65b207c408b16693de8f27f59102270290cd5f
- SHA512
  
  44772c30cbb9fd7ebc2cdd6285efe7f84062a588880b75a1c7d4179058bf69323f6a1d8b23a8eec47feda32b44c59583813104fabae5d61e2c6f4ee4f34ccc02
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer