redline | 3160f8d7ba9b3b64ba2ee22b70e1bb3521c84278d89d30dde7354fb56f20c1d3 | Triage

Submit
Reports

Overview

overview

Static

static

fbc6dcddde...63.exe

windows7_x64

fbc6dcddde...63.exe

windows10-2004_x64

Sharing

General

Target

fbc6dcddde1fa8598a4c10a72e389863.exe
Size

540KB
Sample

220520-wnk5labdg2
MD5

fbc6dcddde1fa8598a4c10a72e389863
SHA1

3a50f272f77bb601870b7c25c1bed7ffc9ea7a90
SHA256

3160f8d7ba9b3b64ba2ee22b70e1bb3521c84278d89d30dde7354fb56f20c1d3
SHA512

0cd4966c0d2d19a3a60eda7a403776ccbe335491c4ccb35270991ed2188b8d3f6fbec9ea82b8d64963ac4eef58b8c2e7e05eb0b0406dac9a866dcab0501c448d

Score

10^/10

redline ruz infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

fbc6dcddde1fa8598a4c10a72e389863.exe

Resource

win7-20220414-en

redline ruz infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fbc6dcddde1fa8598a4c10a72e389863.exe

Resource

win10v2004-20220414-en

redline ruz infostealer spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ruz

C2

91.211.251.186:41933

Attributes

auth_value
b5178f81ea8830c13e88c402dccf09f0

Targets

- Target
  
  fbc6dcddde1fa8598a4c10a72e389863.exe
- Size
  
  540KB
- MD5
  
  fbc6dcddde1fa8598a4c10a72e389863
- SHA1
  
  3a50f272f77bb601870b7c25c1bed7ffc9ea7a90
- SHA256
  
  3160f8d7ba9b3b64ba2ee22b70e1bb3521c84278d89d30dde7354fb56f20c1d3
- SHA512
  
  0cd4966c0d2d19a3a60eda7a403776ccbe335491c4ccb35270991ed2188b8d3f6fbec9ea82b8d64963ac4eef58b8c2e7e05eb0b0406dac9a866dcab0501c448d
Score

10^/10

redline ruz infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzinfostealerspyware

behavioral2

redlineruzinfostealerspyware

© 2018-2024

Terms | Privacy