redline | 9651b11d911a149d32c48b23f0f60c3d049122fbad1157d6f523de0025fd5165 | Triage

Sharing

General

Target

9651b11d911a149d32c48b23f0f60c3d049122fbad1157d6f523de0025fd5165
Size

441KB
Sample

220213-xh7bbaddfr
MD5

b9c0a397dcc8250901a7d6ca91a7fcae
SHA1

ee60159c6f091757f13a6d176008b8cc8bc5659d
SHA256

9651b11d911a149d32c48b23f0f60c3d049122fbad1157d6f523de0025fd5165
SHA512

82f683aef5bcd35c1a18ea53c27c45af3766dc497db20f0c6c8a2cfba4233fbc3b89ae48d3df3f413c36cdc3f6f4388a97e6f84f4f6df9daf1d959e380978142

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  9651b11d911a149d32c48b23f0f60c3d049122fbad1157d6f523de0025fd5165
- Size
  
  441KB
- MD5
  
  b9c0a397dcc8250901a7d6ca91a7fcae
- SHA1
  
  ee60159c6f091757f13a6d176008b8cc8bc5659d
- SHA256
  
  9651b11d911a149d32c48b23f0f60c3d049122fbad1157d6f523de0025fd5165
- SHA512
  
  82f683aef5bcd35c1a18ea53c27c45af3766dc497db20f0c6c8a2cfba4233fbc3b89ae48d3df3f413c36cdc3f6f4388a97e6f84f4f6df9daf1d959e380978142
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer