redline | 22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
Size

6.7MB
Sample

220912-qa6w9adce2
MD5

9be5cf1bbb2988a7640df60a2b7edd9b
SHA1

f85aa6023e9e8924c0a28bcc57eb8e46a15f55f6
SHA256

22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
SHA512

cdea910ca926ca9d61cc45bd33944971e7730ed1d9ec79780b1b590141ea311b3f83bd74aa90f6b5685f1f39be0d42becdc1a4acf32a90a64f9f00536f27ffcf
SSDEEP

98304:wy8QRWJDL97ATr3/pszj03/e+4znAqzIXAZgkLG9xBPr3ZZMnPmCmlim5FROc/L:p5on9GBiAqcwZDG9PpZMOCHi5L

Score

10^/10

redline 3108_ruzki discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734.exe

Resource

win10-20220901-en

redline 3108_ruzki discovery infostealer spyware stealer

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

3108_RUZKI

C2

213.219.247.199:9452

Attributes

auth_value
f71fed1cd094e4e1eb7ad1c53e542bca

Targets

- Target
  
  22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
- Size
  
  6.7MB
- MD5
  
  9be5cf1bbb2988a7640df60a2b7edd9b
- SHA1
  
  f85aa6023e9e8924c0a28bcc57eb8e46a15f55f6
- SHA256
  
  22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
- SHA512
  
  cdea910ca926ca9d61cc45bd33944971e7730ed1d9ec79780b1b590141ea311b3f83bd74aa90f6b5685f1f39be0d42becdc1a4acf32a90a64f9f00536f27ffcf
- SSDEEP
  
  98304:wy8QRWJDL97ATr3/pszj03/e+4znAqzIXAZgkLG9xBPr3ZZMnPmCmlim5FROc/L:p5on9GBiAqcwZDG9PpZMOCHi5L
Score

10^/10

redline 3108_ruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline3108_ruzkidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy