redline | 3e66d72e6cb4fab3bf03a7a1ba048e661b9669928a021140d4d0cde12ced097f | Triage

Submit
Reports

Overview

overview

Static

static

ttcopy.exe

windows7_x64

ttcopy.exe

windows10_x64

Resubmissions

31/03/2025, 16:27

250331-tx63bawmt7 10

20/09/2021, 10:27

210920-mg376adga2 10

Sharing

General

Target

ttcopy.exe
Size

1.4MB
Sample

210920-mg376adga2
MD5

eace0039dd2f8fb2a963b0cf8208b8ed
SHA1

3c9095b0e6b423b17abb966bc2dce7092a05fe70
SHA256

3e66d72e6cb4fab3bf03a7a1ba048e661b9669928a021140d4d0cde12ced097f
SHA512

eaf1ffb532deda9424cbfb3655dbe423f6e0ec289dd7eeec02714eef516e068c0fa15c914fc69f146d5d9a3839b6a34d2a81925953c66b4b0252ae28c7345135

Score

10^/10

redline cheat discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ttcopy.exe

Resource

win7-en-20210916

redline cheat discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ttcopy.exe

Resource

win10v20210408

redline cheat discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

103.168.67.29:6677

Targets

- Target
  
  ttcopy.exe
- Size
  
  1.4MB
- MD5
  
  eace0039dd2f8fb2a963b0cf8208b8ed
- SHA1
  
  3c9095b0e6b423b17abb966bc2dce7092a05fe70
- SHA256
  
  3e66d72e6cb4fab3bf03a7a1ba048e661b9669928a021140d4d0cde12ced097f
- SHA512
  
  eaf1ffb532deda9424cbfb3655dbe423f6e0ec289dd7eeec02714eef516e068c0fa15c914fc69f146d5d9a3839b6a34d2a81925953c66b4b0252ae28c7345135
Score

10^/10

redline cheat discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecheatdiscoveryinfostealerspywarestealer

behavioral2

redlinecheatdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy