redline | b09d18c8c11d9c31c0a1ce5279370581efb4e72973cd4dbbb72a892427d40abd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8OHAY3F7J525jY5hOEKBjy4r.exe
Size

1.4MB
Sample

220914-q4nb1aaec5
MD5

e6d219e0adb976df14c835f2a009b2fc
SHA1

73ca214adcc6a015df213cdad5ac0ba303c02cda
SHA256

b09d18c8c11d9c31c0a1ce5279370581efb4e72973cd4dbbb72a892427d40abd
SHA512

fcdf60a1773e5e5a62f889d1bcc3c89a76c8405973c3bbb3af51a5999324f8e93146df7e769edfd24c3b50e947727dee42f020393e0a2cb73aa9f7197310296a
SSDEEP

24576:lEMm4Van63+YKYeegOA8BMAsQd/mArUPsBRl9tBYtYVTgx9LEHt5:lEz4Vc6ppOsd9bYtYVT0w5

Score

10^/10

redline ruzki13 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

ruzki13

C2

176.113.115.146:9582

Attributes

auth_value
e58a088bb451fbf3619de77d5856234c

Targets

- Target
  
  8OHAY3F7J525jY5hOEKBjy4r.exe
- Size
  
  1.4MB
- MD5
  
  e6d219e0adb976df14c835f2a009b2fc
- SHA1
  
  73ca214adcc6a015df213cdad5ac0ba303c02cda
- SHA256
  
  b09d18c8c11d9c31c0a1ce5279370581efb4e72973cd4dbbb72a892427d40abd
- SHA512
  
  fcdf60a1773e5e5a62f889d1bcc3c89a76c8405973c3bbb3af51a5999324f8e93146df7e769edfd24c3b50e947727dee42f020393e0a2cb73aa9f7197310296a
- SSDEEP
  
  24576:lEMm4Van63+YKYeegOA8BMAsQd/mArUPsBRl9tBYtYVTgx9LEHt5:lEz4Vc6ppOsd9bYtYVT0w5
Score

10^/10

redline ruzki13 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineruzki13infostealerspyware