redline | f6f9da2e5502881db46d389651e6829f9a52a43e8b46eea0798f65f54abda8ad | Triage

Sharing

General

Target

f6f9da2e5502881db46d389651e6829f9a52a43e8b46eea0798f65f54abda8ad
Size

385KB
Sample

220212-kfwqksbgaq
MD5

5896cf5a47d3e64e20733218bb9d0d44
SHA1

5ed629691a75677f2e2c8ce95787cb63f7d2a179
SHA256

f6f9da2e5502881db46d389651e6829f9a52a43e8b46eea0798f65f54abda8ad
SHA512

2927f76f76da705cb3b3cb9849471ed4bbf15c0ba61cd0ce621e6f4eabdad8af15bddb30f95518d1e687f2eab54ce1546fc70d6aafc8e9582daf9b328dfaec8d

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  f6f9da2e5502881db46d389651e6829f9a52a43e8b46eea0798f65f54abda8ad
- Size
  
  385KB
- MD5
  
  5896cf5a47d3e64e20733218bb9d0d44
- SHA1
  
  5ed629691a75677f2e2c8ce95787cb63f7d2a179
- SHA256
  
  f6f9da2e5502881db46d389651e6829f9a52a43e8b46eea0798f65f54abda8ad
- SHA512
  
  2927f76f76da705cb3b3cb9849471ed4bbf15c0ba61cd0ce621e6f4eabdad8af15bddb30f95518d1e687f2eab54ce1546fc70d6aafc8e9582daf9b328dfaec8d
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer