Overview

overview

10

Static

static

f9ed745668...14.exe

windows7-x64

10

f9ed745668...14.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f9ed745668a3a1b10b2531cb51d8d22f19250d09fa01bd36b5d8756cb8b8bc14

  • Size

    273KB

  • Sample

    220811-qpefjshhf9

  • MD5

    fccf945795c0244190667dfe07d21b61

  • SHA1

    a113b48bc313b07f1406581bae2f8a95912e9f43

  • SHA256

    e5a15478fb947e20f5288b664a2f3a7cbdac05aa5d48378b2976ac5b9b47cb6a

  • SHA512

    7862346877dfc9ebd513471c1205e979f45b2338790751c931da9ba0f812d0408e0db202cd879e2b9d951df9f3183afbfdc78abccc34578e8865cafde74d9af9

Score
10/10
redlineruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

193.106.191.165:39482

Attributes
  • auth_value

    71a0558c0eea274a5bd617ea85786884

Targets

    • Target

      f9ed745668a3a1b10b2531cb51d8d22f19250d09fa01bd36b5d8756cb8b8bc14

    • Size

      354KB

    • MD5

      c19597e6f88306fbbc06cd0dadfd7452

    • SHA1

      f943847242914326548980fdd724547e5aea31b1

    • SHA256

      f9ed745668a3a1b10b2531cb51d8d22f19250d09fa01bd36b5d8756cb8b8bc14

    • SHA512

      14884470ad999fd0ec519ea9bdc3fa2e4e2a2e1b00b4d53242ab04219ff367230b2cb028606603f29b6ac6e8e8e55e122b644c95d44443001c3aded1d2f805ee

    Score
    10/10
    redlineruzkidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks