redline | 942e0964c559fd3e70af2a76fbbd7719cc03c97dbe748c4d7f8630316871fcc7 | Triage

Sharing

General

Target

942e0964c559fd3e70af2a76fbbd7719cc03c97dbe748c4d7f8630316871fcc7
Size

338KB
Sample

220811-v1anysabfr
MD5

db22affa89c9bd8aef32eb6b935ca750
SHA1

a5dec0b48868095fc48edd7be304f9f53de47097
SHA256

942e0964c559fd3e70af2a76fbbd7719cc03c97dbe748c4d7f8630316871fcc7
SHA512

f22b94584d49395fd8c6c971a5479ab04ae4ea3073cb907763412566465b7de83bdd333f099ef363cf14678a313b78386e6a5f6142ada36df88c700c2cb4b9ac

Score

10^/10

redline ruzki discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

193.106.191.165:39482

Attributes

auth_value
71a0558c0eea274a5bd617ea85786884

Targets

- Target
  
  942e0964c559fd3e70af2a76fbbd7719cc03c97dbe748c4d7f8630316871fcc7
- Size
  
  338KB
- MD5
  
  db22affa89c9bd8aef32eb6b935ca750
- SHA1
  
  a5dec0b48868095fc48edd7be304f9f53de47097
- SHA256
  
  942e0964c559fd3e70af2a76fbbd7719cc03c97dbe748c4d7f8630316871fcc7
- SHA512
  
  f22b94584d49395fd8c6c971a5479ab04ae4ea3073cb907763412566465b7de83bdd333f099ef363cf14678a313b78386e6a5f6142ada36df88c700c2cb4b9ac
Score

10^/10

redline ruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkidiscoveryinfostealerspywarestealer