redline | 392049ce2edacaef91a29eb0ef2b7b9927a82550b592dedf725a33b6cfdd2381 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

2.4MB
Sample

220831-l3dzqacehp
MD5

fa6fcc58968ab07ee3ba390244209ddf
SHA1

7e2026fed85388aad0af7d4126a8f86709602585
SHA256

392049ce2edacaef91a29eb0ef2b7b9927a82550b592dedf725a33b6cfdd2381
SHA512

766d4c2b4d2746977dbe4568ac21bc790983f52ef902d12a6ea1f7de6527f344a8568da7176eff313854bbee653fe4b14e5bea3cd534175f47b29a2e98abdcbe
SSDEEP

24576:sTP7oYRYe8v2zJMfjoXDr3n6he4wouVPP1NFKvu8NLFTl3RuQ55313h:sTP3rKXutXFKvu8NBl3n

Score

10^/10

redline ruzki infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

redline ruzki infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline ruzki infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

janolavave.xyz:80

Attributes

auth_value
8d87105ec975d521a7eca8c88cdec737

Targets

- Target
  
  file.exe
- Size
  
  2.4MB
- MD5
  
  fa6fcc58968ab07ee3ba390244209ddf
- SHA1
  
  7e2026fed85388aad0af7d4126a8f86709602585
- SHA256
  
  392049ce2edacaef91a29eb0ef2b7b9927a82550b592dedf725a33b6cfdd2381
- SHA512
  
  766d4c2b4d2746977dbe4568ac21bc790983f52ef902d12a6ea1f7de6527f344a8568da7176eff313854bbee653fe4b14e5bea3cd534175f47b29a2e98abdcbe
- SSDEEP
  
  24576:sTP7oYRYe8v2zJMfjoXDr3n6he4wouVPP1NFKvu8NLFTl3RuQ55313h:sTP3rKXutXFKvu8NBl3n
Score

10^/10

redline ruzki infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineruzkiinfostealerspyware

behavioral2

redlineruzkiinfostealerspyware

© 2018-2024

Terms | Privacy