redline | 8a69cde551f65d84d88af5c0c65a4ad9ae590a130e8a6d491f9263d328fe9ee5 | Triage

Sharing

General

Target

8a69cde551f65d84d88af5c0c65a4ad9ae590a130e8a6d491f9263d328fe9ee5
Size

385KB
Sample

220212-al9jhsdhh8
MD5

ccf487ed8c286c55d6f8d020c370aab0
SHA1

870f3e8f3e483dd05eb68d1654d20066b168a1e4
SHA256

8a69cde551f65d84d88af5c0c65a4ad9ae590a130e8a6d491f9263d328fe9ee5
SHA512

e7507abe1554515077ec19f98da5886eab98d59b4fa88b31b5aaf2f258493f0a97b8448e7b77e5aa5872afcf8a86d64c6a05f7f9a8942765fca0c00ed864fbc6

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  8a69cde551f65d84d88af5c0c65a4ad9ae590a130e8a6d491f9263d328fe9ee5
- Size
  
  385KB
- MD5
  
  ccf487ed8c286c55d6f8d020c370aab0
- SHA1
  
  870f3e8f3e483dd05eb68d1654d20066b168a1e4
- SHA256
  
  8a69cde551f65d84d88af5c0c65a4ad9ae590a130e8a6d491f9263d328fe9ee5
- SHA512
  
  e7507abe1554515077ec19f98da5886eab98d59b4fa88b31b5aaf2f258493f0a97b8448e7b77e5aa5872afcf8a86d64c6a05f7f9a8942765fca0c00ed864fbc6
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer