redline | ef79f6db1bdf3bf268d3b07980172db180b2e13df412f58e7fb08af76790d761 | Triage

Submit
Reports

Overview

overview

Static

static

ef1d1425ad...f9.exe

windows7_x64

ef1d1425ad...f9.exe

windows10-2004_x64

Sharing

General

Target

ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9
Size

243KB
Sample

220211-ttpzmaeeaq
MD5

de80cf06bb2000d818d0b3aae0d94d58
SHA1

8ba8587634c3853434fc62c21b9ba78f83bdec5c
SHA256

ef79f6db1bdf3bf268d3b07980172db180b2e13df412f58e7fb08af76790d761
SHA512

5c680d1e788e66ca6566dd6ffce06b1522b81c98a9f142d6503394239fa746f6a4aa494f1092dddd22f64efa199dbdbb098e479f7e65e3969928188670b605bc

Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9.exe

Resource

win7-en-20211208

redline ruzkikakoyto discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9.exe

Resource

win10v2004-en-20220113

discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Attributes

auth_value
44e87155dd7a4d1957a956ed040ff3fd

Targets

- Target
  
  ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9
- Size
  
  375KB
- MD5
  
  fdd592dd8e14f4ca67384cd84c8052c8
- SHA1
  
  b48c85bb98ef4db20e7715f90dfc6792ba88751e
- SHA256
  
  ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9
- SHA512
  
  8f7e5f4c9ad0f180512d19f2e944d2e0b9f05a50574bf711c75669f4cd10fbafb2a842c321e99200fd61c7c78607bcc9a779ac7e49dc8dc3bee491ca38d1289e
Score

10^/10

redline ruzkikakoyto discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkikakoytodiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy