redline | 9ad43994be27b8156dfcb82fbe8549b258985f3579adcc94d8712a3e4d1c3294 | Triage

Submit
Reports

Overview

overview

Static

static

Redline_20...er.exe

windows7_x64

1

Redline_20...er.exe

windows10_x64

1

Redline_20...er.exe

windows10-2004_x64

1

Redline_20...er.exe

windows11_x64

Redline_20...ld.exe

windows7_x64

Redline_20...ld.exe

windows10_x64

Redline_20...ld.exe

windows10-2004_x64

Redline_20...ld.exe

windows11_x64

Redline_20...st.exe

windows7_x64

1

Redline_20...st.exe

windows10_x64

1

Redline_20...st.exe

windows10-2004_x64

1

Redline_20...st.exe

windows11_x64

Redline_20...er.exe

windows7_x64

4

Redline_20...er.exe

windows10_x64

4

Redline_20...er.exe

windows10-2004_x64

4

Redline_20...er.exe

windows11_x64

Redline_20...el.exe

windows7_x64

Redline_20...el.exe

windows10_x64

Redline_20...el.exe

windows10-2004_x64

Redline_20...el.exe

windows11_x64

Redline_20...me.exe

windows7_x64

8

Redline_20...me.exe

windows10_x64

8

Redline_20...me.exe

windows10-2004_x64

8

Redline_20...me.exe

windows11_x64

Redline_20...48.exe

windows7_x64

8

Redline_20...48.exe

windows10_x64

8

Redline_20...48.exe

windows10-2004_x64

8

Redline_20...48.exe

windows11_x64

Redline_20...ar.exe

windows7_x64

1

Redline_20...ar.exe

windows10_x64

1

Redline_20...ar.exe

windows10-2004_x64

1

Redline_20...ar.exe

windows11_x64

Sharing

General

Target

Redline_2021_stealer-main.rar
Size

14.5MB
Sample

220702-rnvxkshef3
MD5

845874ac5340b1cdfb3de68baf474659
SHA1

d027798890003c454d3584fe30b95fcc5f016f7d
SHA256

9ad43994be27b8156dfcb82fbe8549b258985f3579adcc94d8712a3e4d1c3294
SHA512

1a92ce94f87e36be42914b969c3b1edbf4d62eb9e99e4fc57b9ef38d34dc8d053f9bb0112c3b9ee589e0593ebc0cc9efcc56b9f2be1c3ed5e1910d48d64f996b

Score

10^/10

redline test1 discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

Redline_2021_stealer-main/Kurome.Builder/build.exe

Resource

win7-20220414-en

redline test1 infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

Redline_2021_stealer-main/Kurome.Builder/build.exe

Resource

win10-20220414-en

redline test1 infostealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

Redline_2021_stealer-main/Kurome.Builder/build.exe

Resource

win10v2004-20220414-en

redline test1 infostealer

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

Redline_2021_stealer-main/Kurome.Builder/build.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe

Resource

win7-20220414-en

redline infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe

Resource

win10-20220414-en

redline infostealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe

Resource

win10v2004-20220414-en

redline infostealer

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe

Resource

win7-20220414-en

discovery evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe

Resource

win10-20220414-en

discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe

Resource

win10v2004-20220414-en

discovery persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

test1

C2

213.227.155.164:29166

Targets

- Target
  
  Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe
- Size
  
  137KB
- MD5
  
  cf38a4bde3fe5456dcaf2b28d3bfb709
- SHA1
  
  711518af5fa13f921f3273935510627280730543
- SHA256
  
  c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e
- SHA512
  
  3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  Redline_2021_stealer-main/Kurome.Builder/build.exe
- Size
  
  95KB
- MD5
  
  9c35a28aa792b1891ab7eff22a796626
- SHA1
  
  dc99121a44891d784416ddc53d7ab91de641f5f6
- SHA256
  
  51d29d896304ab866f92d504ea616f05031ff9cc22675883f50ffbaebc19e422
- SHA512
  
  3273d1ae6178fb3caa601ef15d40b2899a5d09b1cb4df376e1ecd7b303eaf9b3b7d3352c15317283d85939e91af021cb033fdd16fa0532424476ed571ff114c9
Score

10^/10

redline test1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe
- Size
  
  119KB
- MD5
  
  4fde0f80c408af27a8d3ddeffea12251
- SHA1
  
  e834291127af150ce287443c5ea607a7ae337484
- SHA256
  
  1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
- SHA512
  
  3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5
Score

1^/10
behavioral9 behavioral10 behavioral11 behavioral12
- Target
  
  Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe
- Size
  
  2.2MB
- MD5
  
  a3ec05d5872f45528bbd05aeecf0a4ba
- SHA1
  
  68486279c63457b0579d86cd44dd65279f22d36f
- SHA256
  
  d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
- SHA512
  
  b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
Score

4^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
- Size
  
  9.3MB
- MD5
  
  f4e19b67ef27af1434151a512860574e
- SHA1
  
  56304fc2729974124341e697f3b21c84a8dd242a
- SHA256
  
  c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a
- SHA512
  
  a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe
- Size
  
  1.1MB
- MD5
  
  92cfeb7c07906eac0d4220b8a1ed65b1
- SHA1
  
  882b83e903b5b4c7c75f0b1dc31bb7aa8938d8fa
- SHA256
  
  38b827a431b89da0d9cdd444373364371f4f6e6bf299e7935f05b2351ca9186c
- SHA512
  
  e2ee932f5b81403935a977f9d3c8e2e4f6a4c9a1967b7e1cf61229a7746a24aae486ac6b779fb570f1dff02a3ff30107044f0427ce46474b91d788c78c8fcfbf
Score

8^/10

discovery evasion persistence spyware stealer trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe
- Size
  
  1.4MB
- MD5
  
  86482f2f623a52b8344b00968adc7b43
- SHA1
  
  755349ecd6a478fe010e466b29911d2388f6ce94
- SHA256
  
  2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57
- SHA512
  
  64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe
- Size
  
  3.2MB
- MD5
  
  b66dec691784f00061bc43e62030c343
- SHA1
  
  779d947d41efafc2995878e56e213411de8fb4cf
- SHA256
  
  26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
- SHA512
  
  6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

redlinetest1infostealer

behavioral6

redlinetest1infostealer

behavioral7

redlinetest1infostealer

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

redlineinfostealer

behavioral18

redlineinfostealer

behavioral19

redlineinfostealer

behavioral20

behavioral21

discoveryevasionpersistencespywarestealertrojan

behavioral22

discoverypersistencespywarestealer

behavioral23

discoverypersistencespywarestealer

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32

© 2018-2024

Terms | Privacy