Overview
overview
10Static
static
10Redline_20...er.exe
windows7_x64
1Redline_20...er.exe
windows10_x64
1Redline_20...er.exe
windows10-2004_x64
1Redline_20...er.exe
windows11_x64
Redline_20...ld.exe
windows7_x64
10Redline_20...ld.exe
windows10_x64
10Redline_20...ld.exe
windows10-2004_x64
10Redline_20...ld.exe
windows11_x64
Redline_20...st.exe
windows7_x64
1Redline_20...st.exe
windows10_x64
1Redline_20...st.exe
windows10-2004_x64
1Redline_20...st.exe
windows11_x64
Redline_20...er.exe
windows7_x64
4Redline_20...er.exe
windows10_x64
4Redline_20...er.exe
windows10-2004_x64
4Redline_20...er.exe
windows11_x64
Redline_20...el.exe
windows7_x64
10Redline_20...el.exe
windows10_x64
10Redline_20...el.exe
windows10-2004_x64
10Redline_20...el.exe
windows11_x64
Redline_20...me.exe
windows7_x64
8Redline_20...me.exe
windows10_x64
8Redline_20...me.exe
windows10-2004_x64
8Redline_20...me.exe
windows11_x64
Redline_20...48.exe
windows7_x64
8Redline_20...48.exe
windows10_x64
8Redline_20...48.exe
windows10-2004_x64
8Redline_20...48.exe
windows11_x64
Redline_20...ar.exe
windows7_x64
1Redline_20...ar.exe
windows10_x64
1Redline_20...ar.exe
windows10-2004_x64
1Redline_20...ar.exe
windows11_x64
General
-
Target
Redline_2021_stealer-main.rar
-
Size
14.5MB
-
Sample
220702-rnvxkshef3
-
MD5
845874ac5340b1cdfb3de68baf474659
-
SHA1
d027798890003c454d3584fe30b95fcc5f016f7d
-
SHA256
9ad43994be27b8156dfcb82fbe8549b258985f3579adcc94d8712a3e4d1c3294
-
SHA512
1a92ce94f87e36be42914b969c3b1edbf4d62eb9e99e4fc57b9ef38d34dc8d053f9bb0112c3b9ee589e0593ebc0cc9efcc56b9f2be1c3ed5e1910d48d64f996b
Behavioral task
behavioral1
Sample
Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe
Resource
win10-20220414-en
Behavioral task
behavioral3
Sample
Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral4
Sample
Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe
Resource
win11-20220223-en
Behavioral task
behavioral5
Sample
Redline_2021_stealer-main/Kurome.Builder/build.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
Redline_2021_stealer-main/Kurome.Builder/build.exe
Resource
win10-20220414-en
Behavioral task
behavioral7
Sample
Redline_2021_stealer-main/Kurome.Builder/build.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral8
Sample
Redline_2021_stealer-main/Kurome.Builder/build.exe
Resource
win11-20220223-en
Behavioral task
behavioral9
Sample
Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe
Resource
win10-20220414-en
Behavioral task
behavioral11
Sample
Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral12
Sample
Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe
Resource
win11-20220223-en
Behavioral task
behavioral13
Sample
Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe
Resource
win10-20220414-en
Behavioral task
behavioral15
Sample
Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral16
Sample
Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe
Resource
win11-20220223-en
Behavioral task
behavioral17
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
Resource
win7-20220414-en
Behavioral task
behavioral18
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
Resource
win10-20220414-en
Behavioral task
behavioral19
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral20
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
Resource
win11-20220223-en
Behavioral task
behavioral21
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe
Resource
win7-20220414-en
Behavioral task
behavioral22
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe
Resource
win10-20220414-en
Behavioral task
behavioral23
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral24
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe
Resource
win11-20220223-en
Behavioral task
behavioral25
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe
Resource
win7-20220414-en
Behavioral task
behavioral26
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe
Resource
win10-20220414-en
Behavioral task
behavioral27
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral28
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe
Resource
win11-20220223-en
Behavioral task
behavioral29
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe
Resource
win7-20220414-en
Behavioral task
behavioral30
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe
Resource
win10-20220414-en
Behavioral task
behavioral31
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral32
Sample
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe
Resource
win11-20220223-en
Malware Config
Extracted
redline
test1
213.227.155.164:29166
Targets
-
-
Target
Redline_2021_stealer-main/Kurome.Builder/Kurome.Builder.exe
-
Size
137KB
-
MD5
cf38a4bde3fe5456dcaf2b28d3bfb709
-
SHA1
711518af5fa13f921f3273935510627280730543
-
SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e
-
SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc
Score1/10 -
-
-
Target
Redline_2021_stealer-main/Kurome.Builder/build.exe
-
Size
95KB
-
MD5
9c35a28aa792b1891ab7eff22a796626
-
SHA1
dc99121a44891d784416ddc53d7ab91de641f5f6
-
SHA256
51d29d896304ab866f92d504ea616f05031ff9cc22675883f50ffbaebc19e422
-
SHA512
3273d1ae6178fb3caa601ef15d40b2899a5d09b1cb4df376e1ecd7b303eaf9b3b7d3352c15317283d85939e91af021cb033fdd16fa0532424476ed571ff114c9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
-
-
Target
Redline_2021_stealer-main/Kurome.Host/Kurome.Host.exe
-
Size
119KB
-
MD5
4fde0f80c408af27a8d3ddeffea12251
-
SHA1
e834291127af150ce287443c5ea607a7ae337484
-
SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
-
SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5
Score1/10 -
-
-
Target
Redline_2021_stealer-main/Kurome.Loader/Kurome.Loader.exe
-
Size
2.2MB
-
MD5
a3ec05d5872f45528bbd05aeecf0a4ba
-
SHA1
68486279c63457b0579d86cd44dd65279f22d36f
-
SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
-
SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
Score4/10 -
-
-
Target
Redline_2021_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
-
Size
9.3MB
-
MD5
f4e19b67ef27af1434151a512860574e
-
SHA1
56304fc2729974124341e697f3b21c84a8dd242a
-
SHA256
c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a
-
SHA512
a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/Chrome.exe
-
Size
1.1MB
-
MD5
92cfeb7c07906eac0d4220b8a1ed65b1
-
SHA1
882b83e903b5b4c7c75f0b1dc31bb7aa8938d8fa
-
SHA256
38b827a431b89da0d9cdd444373364371f4f6e6bf299e7935f05b2351ca9186c
-
SHA512
e2ee932f5b81403935a977f9d3c8e2e4f6a4c9a1967b7e1cf61229a7746a24aae486ac6b779fb570f1dff02a3ff30107044f0427ce46474b91d788c78c8fcfbf
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/NetFramework48.exe
-
Size
1.4MB
-
MD5
86482f2f623a52b8344b00968adc7b43
-
SHA1
755349ecd6a478fe010e466b29911d2388f6ce94
-
SHA256
2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57
-
SHA512
64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Redline_2021_stealer-main/Panel/RedLine_20_2/Tools/WinRar.exe
-
Size
3.2MB
-
MD5
b66dec691784f00061bc43e62030c343
-
SHA1
779d947d41efafc2995878e56e213411de8fb4cf
-
SHA256
26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
-
SHA512
6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
Score1/10 -