General

  • Target

    327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129

  • Size

    265KB

  • Sample

    220627-ly5lwacbc5

  • MD5

    f736217412ba9ac14cce552a7d55f462

  • SHA1

    ddd96827801ac8eb0f39130d7556c26d3746770b

  • SHA256

    165d5dcb5b9e439725ae8d07fe30f0b2413a010462483cba4c140b01d0044ed6

  • SHA512

    31e7c69b644b6c7cd7f28c60620eef4787d014c00487d934fe133b4909e526f5c9b1bf04e8698e933d15b2a2798250be7081a8fe4d0a91953e32d62e9d37357a

Malware Config

Extracted

Family

redline

Botnet

RUZKI

C2

193.106.191.246:23196

Attributes
  • auth_value

    121027c094f768a0a0e9b562f6417952

Targets

    • Target

      327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129

    • Size

      388KB

    • MD5

      a48892ca959b74c4eb8ff7bad785f882

    • SHA1

      7f173ee59e9408be747bb6463e2b6b09fc8176fc

    • SHA256

      327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129

    • SHA512

      0ec6825f210fe302429b9a6246f520423473df288ef4e60ea00103c04ac237a0991c86d18c98820fc46061f884dd65c796c00922260cdc73fb8a5f39df5ac001

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks