General

  • Target

    4cf571ee01adeb65e771faca68a4c06ecaaeeaa2951f3468a498895dc68138a0

  • Size

    440KB

  • Sample

    220213-rek11scehq

  • MD5

    87f7ad34a17409d72ee7dd69f78de7ce

  • SHA1

    322810254ead0bbfce5000ed9e99ddbe09a0f6a9

  • SHA256

    4cf571ee01adeb65e771faca68a4c06ecaaeeaa2951f3468a498895dc68138a0

  • SHA512

    6c02b3f77f91f859e1c8dbc990021c4a8aeb3a874b4dacfc7b922281f29e8742aa5620fb2c7997f1780140c47652894e05a979b25da6fe8b264ffa9cf5293ffe

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes
  • auth_value

    44e87155dd7a4d1957a956ed040ff3fd

Targets

    • Target

      4cf571ee01adeb65e771faca68a4c06ecaaeeaa2951f3468a498895dc68138a0

    • Size

      440KB

    • MD5

      87f7ad34a17409d72ee7dd69f78de7ce

    • SHA1

      322810254ead0bbfce5000ed9e99ddbe09a0f6a9

    • SHA256

      4cf571ee01adeb65e771faca68a4c06ecaaeeaa2951f3468a498895dc68138a0

    • SHA512

      6c02b3f77f91f859e1c8dbc990021c4a8aeb3a874b4dacfc7b922281f29e8742aa5620fb2c7997f1780140c47652894e05a979b25da6fe8b264ffa9cf5293ffe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks