redline | 47ce7ac8df549ab98a770a2616d18c5da1c04ce9095a7595d41e5638370fedfd | Triage

Sharing

General

Target

47ce7ac8df549ab98a770a2616d18c5da1c04ce9095a7595d41e5638370fedfd
Size

451KB
Sample

220211-s8shmaedfn
MD5

2092402361384dfcb4ee8c12085e0933
SHA1

d423bdbcc1f54a6eac874b78f85638ae171eb1e2
SHA256

47ce7ac8df549ab98a770a2616d18c5da1c04ce9095a7595d41e5638370fedfd
SHA512

b0869d57f0746691a0a679fd6b22719aefbc5bebc2adc3d0c9562fca8d7df235ff7f7620d870038b37a23063d765616618acfa5d8fca51b1f4f90e8237708ab1

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  47ce7ac8df549ab98a770a2616d18c5da1c04ce9095a7595d41e5638370fedfd
- Size
  
  451KB
- MD5
  
  2092402361384dfcb4ee8c12085e0933
- SHA1
  
  d423bdbcc1f54a6eac874b78f85638ae171eb1e2
- SHA256
  
  47ce7ac8df549ab98a770a2616d18c5da1c04ce9095a7595d41e5638370fedfd
- SHA512
  
  b0869d57f0746691a0a679fd6b22719aefbc5bebc2adc3d0c9562fca8d7df235ff7f7620d870038b37a23063d765616618acfa5d8fca51b1f4f90e8237708ab1
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer