redline | 3ecba862df8a7e0e278375c4491219dd2022882c8c44870019b497ed45db415a | Triage

Submit
Reports

Overview

overview

Static

static

Enquiry.js

windows7-x64

8

Enquiry.js

windows10-2004-x64

Sharing

General

Target

Enquiry.js
Size

4KB
Sample

221020-s6gncacbg3
MD5

b7c067e5f15d2264ab945d07589462db
SHA1

9f25636a346d6cbea1b53270e63ac042d0006034
SHA256

3ecba862df8a7e0e278375c4491219dd2022882c8c44870019b497ed45db415a
SHA512

4e2884cf13d1cef7223ef957b338f984b1ea8a2f88cb194d9c32b5d6bc47c4f7b7903ccad13d4aa10ac1fecb8581b01f3a2c10fd9b5e680b9cf5a0e360209aae
SSDEEP

96:IfIr3U6zGVyy5VMiR/cCVomAGmHJxPRICWG7zEz5Lyi0jAKQL4i0jAPq/8HScP:IfIrE6zGVyaM6/cCV6Xu67zEz6fAqEH3

Score

10^/10

redline docc infostealer

Static task

static1

Behavioral task

behavioral1

Sample

Enquiry.js

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Enquiry.js

Resource

win10v2004-20220901-en

redline docc infostealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

docc

C2

191.101.130.28:45622

Targets

- Target
  
  Enquiry.js
- Size
  
  4KB
- MD5
  
  b7c067e5f15d2264ab945d07589462db
- SHA1
  
  9f25636a346d6cbea1b53270e63ac042d0006034
- SHA256
  
  3ecba862df8a7e0e278375c4491219dd2022882c8c44870019b497ed45db415a
- SHA512
  
  4e2884cf13d1cef7223ef957b338f984b1ea8a2f88cb194d9c32b5d6bc47c4f7b7903ccad13d4aa10ac1fecb8581b01f3a2c10fd9b5e680b9cf5a0e360209aae
- SSDEEP
  
  96:IfIr3U6zGVyy5VMiR/cCVomAGmHJxPRICWG7zEz5Lyi0jAKQL4i0jAPq/8HScP:IfIrE6zGVyaM6/cCV6Xu67zEz6fAqEH3
Score

10^/10

redline docc infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinedoccinfostealer

© 2018-2025

Terms | Privacy