General

  • Target: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
  • Size: 243KB
  • Sample: 220212-13skfadbg8
  • MD5: 502b319744b6ca9e43eb167c9fe49e1c
  • SHA1: 96c349a468f46af5bbb8828f9246a5d1730d7356
  • SHA256: c7fe331010b01ad45435a647a2658990e67a1d44c88be75e19d2c0945ad8fffe
  • SHA512: 20df8321f1acd0a8e1efb1de13d29dad54960df798d158e336a839dd9b42fb24e8388979b1180988fb9127862611a6a290c645df54982275fa023f52aefffafe

Malware Config

Extracted

  • Family: redline
  • Botnet: ruzkiKAKOYTO
  • C2: 185.215.113.29:20819
  • Attributes
    • auth_value: 44e87155dd7a4d1957a956ed040ff3fd

Targets

  • Target: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
  • Size: 375KB
  • MD5: 32816da2c4b57793f943d58058d9abec
  • SHA1: 2b7ec6b605cabf7c1156abb99640d30c6567203d
  • SHA256: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
  • SHA512: 634bf6e5350d5b041b093fb49c330533c0ebb42105bc386b941ab7e3c619122418b905410a660517a99e12574c78f8ddf4b5bf1f21b73233678cda0842ff94bf

  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine Payload
  • Suspicious use of NtCreateProcessExOtherParentProcess
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
  • Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access
    • Credentials in Files (T1081): 1
  • Discovery
    • Query Registry (T1012): 3
    • System Information Discovery (T1082): 2
  • Collection
    • Data from Local System (T1005): 1

Tasks