redline | 476548fa938eb519bd71b49ff025d6eb9bd9a40faecb4798b85df5eb9a5ff806 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows10-1703-x64

Setup.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

3.8MB
Sample

220924-c3d52sbgcn
MD5

615634aef96a14527bf2c089d2946ea0
SHA1

36266209c72d27113eef2fbd96f6a589bc95f43c
SHA256

476548fa938eb519bd71b49ff025d6eb9bd9a40faecb4798b85df5eb9a5ff806
SHA512

890c9635c7aee30fc27d5116be87d2038b879c8c69a15d6f0d33ff06e001fc9baf1327ef03e960bd2ac75ffa03506fba309aa9a37eb782a413d016fda5469c95
SSDEEP

98304:cKSSGUGmqaff+fRh0IygJoqUOIo29n4ZRH0TdkM:ciGUbfmJh0IyXOIr9+mxB

Score

10^/10

redline @dxpex discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10-20220901-en

redline @dxpex discovery infostealer spyware stealer

windows10-1703-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220812-en

redline @dxpex discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

@dxpex

C2

78.153.144.85:26393

Attributes

auth_value
7d71dc2486a2f78d8097fa5a22e9ed30

Targets

- Target
  
  Setup.exe
- Size
  
  3.8MB
- MD5
  
  615634aef96a14527bf2c089d2946ea0
- SHA1
  
  36266209c72d27113eef2fbd96f6a589bc95f43c
- SHA256
  
  476548fa938eb519bd71b49ff025d6eb9bd9a40faecb4798b85df5eb9a5ff806
- SHA512
  
  890c9635c7aee30fc27d5116be87d2038b879c8c69a15d6f0d33ff06e001fc9baf1327ef03e960bd2ac75ffa03506fba309aa9a37eb782a413d016fda5469c95
- SSDEEP
  
  98304:cKSSGUGmqaff+fRh0IygJoqUOIo29n4ZRH0TdkM:ciGUbfmJh0IyXOIr9+mxB
Score

10^/10

redline @dxpex discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline@dxpexdiscoveryinfostealerspywarestealer

behavioral2

redline@dxpexdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy