Overview

overview

10

Static

static

327df9ee5e...29.exe

windows7_x64

10

327df9ee5e...29.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129

  • Size

    265KB

  • Sample

    220627-l9ybyaadcp

  • MD5

    28e51fdd016de373af65cc498a32e30a

  • SHA1

    53ef43ece0141948dd0bbfbe85d1448c7593d34f

  • SHA256

    51121e477bec3101b1dbc5bc45424e6a2394305e186f1eca953842c9d72305a8

  • SHA512

    63d04556331d1df4cb3fd178ab0b02e915962a56bb8fbff42522de8fde2facde05749114e1dadc594dce8754df5cace709b6de6715e96e046e093fcf588ccd3a

Score
10/10
redlineruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

RUZKI

C2

193.106.191.246:23196

Attributes
  • auth_value

    121027c094f768a0a0e9b562f6417952

Targets

    • Target

      327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129

    • Size

      388KB

    • MD5

      a48892ca959b74c4eb8ff7bad785f882

    • SHA1

      7f173ee59e9408be747bb6463e2b6b09fc8176fc

    • SHA256

      327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129

    • SHA512

      0ec6825f210fe302429b9a6246f520423473df288ef4e60ea00103c04ac237a0991c86d18c98820fc46061f884dd65c796c00922260cdc73fb8a5f39df5ac001

    Score
    10/10
    redlineruzkidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks