redline

General

Target

7ac72b34135c477ed3a76b034ca8c88e.exe
Size

1.7MB
Sample

220516-nnw8vsccdr
MD5

7ac72b34135c477ed3a76b034ca8c88e
SHA1

55d8f7350b4227c48b9693b0c96ea2db71ec2c66
SHA256

b97ec7e0e3cb3922938a3ca6b41aa925f2347d4fe5fa16a09d00de770202b058
SHA512

ba589d69c5dc59e04b631bfb9098ab500cec3432a62e33a7cdb1da705fed26a45de8e01728c8ba29b326c78fbb9f37e3b2ea9fd945288e2ad3f4348c940eed99

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

Ruzki 3k

C2

194.87.71.5:12857

Attributes

auth_value
a48aca103247e146d387585961a62d1a

Targets

- Target
  
  7ac72b34135c477ed3a76b034ca8c88e.exe
- Size
  
  1.7MB
- MD5
  
  7ac72b34135c477ed3a76b034ca8c88e
- SHA1
  
  55d8f7350b4227c48b9693b0c96ea2db71ec2c66
- SHA256
  
  b97ec7e0e3cb3922938a3ca6b41aa925f2347d4fe5fa16a09d00de770202b058
- SHA512
  
  ba589d69c5dc59e04b631bfb9098ab500cec3432a62e33a7cdb1da705fed26a45de8e01728c8ba29b326c78fbb9f37e3b2ea9fd945288e2ad3f4348c940eed99
Score

10^/10

redline ruzki 3k infostealer spyware stealer suricata upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Web Service

1

T1102

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine Payload

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2