redline | bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

1.1MB
Sample

220919-nxa2zsbcbm
MD5

60c91bf6960a8103919656fbe7da5cdc
SHA1

3609a2b98d28f4715e323e000c876c2468d2895c
SHA256

bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051
SHA512

2ed01e68396007532cace1acaf9c8578af33b3fc9e9474ba93a87e4cf6be50754de1e8f250c060b13662e60776365c8eb22a3eabac87e81743cf3f1d35023c93
SSDEEP

24576:We9O5TV7pKJktsJ6+jHg/XJUHhz9V6/7TDP:2TV1XgHgvJEh5V6/7

Score

10^/10

redline 3108_ruzki infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220901-en

redline 3108_ruzki infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline 3108_ruzki infostealer spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

3108_RUZKI

C2

213.219.247.199:9452

Attributes

auth_value
f71fed1cd094e4e1eb7ad1c53e542bca

Targets

- Target
  
  file.exe
- Size
  
  1.1MB
- MD5
  
  60c91bf6960a8103919656fbe7da5cdc
- SHA1
  
  3609a2b98d28f4715e323e000c876c2468d2895c
- SHA256
  
  bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051
- SHA512
  
  2ed01e68396007532cace1acaf9c8578af33b3fc9e9474ba93a87e4cf6be50754de1e8f250c060b13662e60776365c8eb22a3eabac87e81743cf3f1d35023c93
- SSDEEP
  
  24576:We9O5TV7pKJktsJ6+jHg/XJUHhz9V6/7TDP:2TV1XgHgvJEh5V6/7
Score

10^/10

redline 3108_ruzki infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline3108_ruzkiinfostealerspyware

behavioral2

redline3108_ruzkiinfostealerspyware

© 2018-2024

Terms | Privacy