redline | 713eeb4e9271fe4b15160d900ad78498838bb33f7f97ad544a705ab2a46d97cf | Triage

Submit
Reports

Overview

overview

Static

static

0x00070000...90.exe

windows7-x64

0x00070000...90.exe

windows10-2004-x64

Sharing

General

Target

0x00070000000126cd-90.dat
Size

107KB
Sample

220811-rw2ebsafb3
MD5

4bf892a854af9af2802f526837819f6e
SHA1

09f2e9938466e74a67368ecd613efdc57f80c30b
SHA256

713eeb4e9271fe4b15160d900ad78498838bb33f7f97ad544a705ab2a46d97cf
SHA512

7ef9d8cb4daf6be60c5a41439dab4e7384676b34de2341ac52cb33815645fbb51a4b78725ea97479d287a8d7a0a61b4b337b1ad49cce2a23c9192fd9b7678d44

Score

10^/10

redline ruxarr_gg discovery infostealer spyware stealer

Static task

static1

ruxarr_gg redline

2 signatures

Behavioral task

behavioral1

Sample

0x00070000000126cd-90.exe

Resource

win7-20220715-en

redline ruxarr_gg discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00070000000126cd-90.exe

Resource

win10v2004-20220721-en

redline ruxarr_gg discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

RuXaRR_GG

C2

insttaller.com:40915

Attributes

auth_value
4a733ff307847db3ee220c11d113a305

Targets

- Target
  
  0x00070000000126cd-90.dat
- Size
  
  107KB
- MD5
  
  4bf892a854af9af2802f526837819f6e
- SHA1
  
  09f2e9938466e74a67368ecd613efdc57f80c30b
- SHA256
  
  713eeb4e9271fe4b15160d900ad78498838bb33f7f97ad544a705ab2a46d97cf
- SHA512
  
  7ef9d8cb4daf6be60c5a41439dab4e7384676b34de2341ac52cb33815645fbb51a4b78725ea97479d287a8d7a0a61b4b337b1ad49cce2a23c9192fd9b7678d44
Score

10^/10

redline ruxarr_gg discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

ruxarr_ggredline

behavioral1

redlineruxarr_ggdiscoveryinfostealerspywarestealer

behavioral2

redlineruxarr_ggdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy