General

  • Target

    80d73f1bad2556979c5c9759800ed243

  • Size

    413KB

  • Sample

    220623-rkj1xaddcq

  • MD5

    80d73f1bad2556979c5c9759800ed243

  • SHA1

    31089ba600b03d8592c99e6bdbd15585abdd8e1c

  • SHA256

    5d1e2200925af86836f79400e3cb449428ee40d9a053d01d4d88edccfcc76c68

  • SHA512

    e2f3c8c5043bf937ed4e15a69df4e153c1dd5bd874a8c7e072c85232ef09435a3db14f408a15b77b034109dcd863d06c86650a5f43b82341f0875e2557d4e38b

Malware Config

Extracted

  • Family

    redline

  • Botnet

    RUZKI

  • C2

    193.106.191.246:23196

  • Attributes

    auth_value: 121027c094f768a0a0e9b562f6417952

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
