redline | 11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5 | Triage

Submit
Reports

Overview

overview

Static

static

11d42e1e9c...b5.exe

windows7_x64

11d42e1e9c...b5.exe

windows10_x64

Resubmissions

28-01-2022 15:31

220128-sydxgsgag8 10

27-01-2022 21:16

220127-z4xp4sbcb3 1

Sharing

General

Target

11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5
Size

330KB
Sample

220128-sydxgsgag8
MD5

97db02564dfc6ce64a0b9a63f8533146
SHA1

4d8a0fd67af6dfd07ba7abfd5ed0671af82bd539
SHA256

11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5
SHA512

2ae8d2492ac2b3acc398074a11123bd327211139e6b397a6529a15ea919172628f8e6efe496785bb2fd445850c1cad190960d36403ed12fa0938626c9499cdd9

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5.exe

Resource

win7-en-20211208

redline ruzkikakoyto discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5.exe

Resource

win10-en-20211208

redline ruzkikakoyto discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Targets

- Target
  
  11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5
- Size
  
  330KB
- MD5
  
  97db02564dfc6ce64a0b9a63f8533146
- SHA1
  
  4d8a0fd67af6dfd07ba7abfd5ed0671af82bd539
- SHA256
  
  11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5
- SHA512
  
  2ae8d2492ac2b3acc398074a11123bd327211139e6b397a6529a15ea919172628f8e6efe496785bb2fd445850c1cad190960d36403ed12fa0938626c9499cdd9
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer

behavioral2

redlineruzkikakoytodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy