redline | a5228f1d1c83f629bcbe9dd896ea0146536c3062d784b4f423b8067637bb89c4 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

a5228f1d1c83f629bcbe9dd896ea0146536c3062d784b4f423b8067637bb89c4
Size

250KB
Sample

210926-pye8rsehc4
MD5

3e725e8dff1b2cceda9ded3f05008fc5
SHA1

dd812593a8d873be8155de0ee611b578f49fd78f
SHA256

a5228f1d1c83f629bcbe9dd896ea0146536c3062d784b4f423b8067637bb89c4
SHA512

7f2422e8629ecdeaabca1e1c47cc280fb374c5d9a875b1399d33280d0784c14bfb9997eb8276c09c1c763e00a3b0dadfb1246391cae58e7f9057ee8b38042ad9

Score

10^/10

redline 2k ruzzki discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a5228f1d1c83f629bcbe9dd896ea0146536c3062d784b4f423b8067637bb89c4.exe

Resource

win10v20210408

redline 2k ruzzki discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

2k ruzzki

C2

185.244.180.224:39957

Targets

- Target
  
  a5228f1d1c83f629bcbe9dd896ea0146536c3062d784b4f423b8067637bb89c4
- Size
  
  250KB
- MD5
  
  3e725e8dff1b2cceda9ded3f05008fc5
- SHA1
  
  dd812593a8d873be8155de0ee611b578f49fd78f
- SHA256
  
  a5228f1d1c83f629bcbe9dd896ea0146536c3062d784b4f423b8067637bb89c4
- SHA512
  
  7f2422e8629ecdeaabca1e1c47cc280fb374c5d9a875b1399d33280d0784c14bfb9997eb8276c09c1c763e00a3b0dadfb1246391cae58e7f9057ee8b38042ad9
Score

10^/10

redline 2k ruzzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2k ruzzkidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy