redline | 802e00fc22d3901e1eff88739059e3c857ec393d76d328985bb327b7fc40d072 | Triage

Submit
Reports

Overview

overview

Static

static

154463679c...6b.exe

windows7_x64

154463679c...6b.exe

windows10_x64

Sharing

General

Target

154463679c7bbeaba7ad160c269b78bd3d424022f57624b803c908ac7d7c436b
Size

300KB
Sample

220129-r7g5tscgg2
MD5

ff3e3a622ae3033cdd599a69ca8647ba
SHA1

81f886a831170593cdd8f8fb5469a941e5f9f1df
SHA256

802e00fc22d3901e1eff88739059e3c857ec393d76d328985bb327b7fc40d072
SHA512

ee84f60948dc8ade68967cf7ec98e4f0625ca329bae9a2365a89ce3a2b851d0ad2f9759113b58fb6691c2b5932df07f972642c7595d77fca8065de2d2af22283

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

154463679c7bbeaba7ad160c269b78bd3d424022f57624b803c908ac7d7c436b.exe

Resource

win7-en-20211208

redline ruzkikakoyto discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

154463679c7bbeaba7ad160c269b78bd3d424022f57624b803c908ac7d7c436b.exe

Resource

win10-en-20211208

redline ruzkikakoyto discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Targets

- Target
  
  154463679c7bbeaba7ad160c269b78bd3d424022f57624b803c908ac7d7c436b
- Size
  
  458KB
- MD5
  
  a41ac098937259d16039f708b425af79
- SHA1
  
  00a5a9832ecf6c1b426c8a3c6dd07a6f51c23f56
- SHA256
  
  154463679c7bbeaba7ad160c269b78bd3d424022f57624b803c908ac7d7c436b
- SHA512
  
  999d4f52c3fd89954f20e7bba1b93347341e7c9007842fb2f05d2baa00513eaa0071752031a08bfc7884359bee18fc18936b1709fd8d4f58ead3e95395b0e7bc
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer

behavioral2

redlineruzkikakoytodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy