redline | 263e7fbf72bd53e3793128e84b0a10837bc5712095e9ee46a9b1dca0ee059a59 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

263E7FBF72BD53E3793128E84B0A10837BC5712095E9EE46A9B1DCA0EE059A59
Size

2.5MB
Sample

220812-a4yvqsghc7
MD5

bd5c4985195e675f6f2dd7743e451551
SHA1

f314911b7443dece9544b5f8e2b52df3d323bc0a
SHA256

263e7fbf72bd53e3793128e84b0a10837bc5712095e9ee46a9b1dca0ee059a59
SHA512

116b85a314a1ff0f43eb1e1ee96704191e98460e9af7aec473ceff0b66d7339a6751f305740848cefa55f4c33fd0e236b9dc4196e607296eed3018aafaa524e7

Score

10^/10

redline xmrig ytstealer infostealer miner persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

263E7FBF72BD53E3793128E84B0A10837BC5712095E9EE46A9B1DCA0EE059A59.exe

Resource

win7-20220715-en

redline infostealer spyware

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

263E7FBF72BD53E3793128E84B0A10837BC5712095E9EE46A9B1DCA0EE059A59.exe

Resource

win10-20220718-en

redline xmrig ytstealer infostealer miner persistence spyware stealer upx

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes

auth_value
6b23940bb97470910c89668d85ae8df9

Targets

- Target
  
  263E7FBF72BD53E3793128E84B0A10837BC5712095E9EE46A9B1DCA0EE059A59
- Size
  
  2.5MB
- MD5
  
  bd5c4985195e675f6f2dd7743e451551
- SHA1
  
  f314911b7443dece9544b5f8e2b52df3d323bc0a
- SHA256
  
  263e7fbf72bd53e3793128e84b0a10837bc5712095e9ee46a9b1dca0ee059a59
- SHA512
  
  116b85a314a1ff0f43eb1e1ee96704191e98460e9af7aec473ceff0b66d7339a6751f305740848cefa55f4c33fd0e236b9dc4196e607296eed3018aafaa524e7
Score

10^/10

redline infostealer spyware xmrig ytstealer miner persistence stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlinexmrigytstealerinfostealerminerpersistencespywarestealerupx

© 2018-2025

Terms | Privacy