redline | 51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb
Size

2.4MB
Sample

221101-ldbs3aacb5
MD5

46f69539e92ff658ed5037ee0320bab1
SHA1

3b3d4ba743aa43dc61415c6d574cef96d80d6b35
SHA256

51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb
SHA512

f6e0e766d5facca41b2c476eab4418af46c5f3011ac3b06a92dc9851d22cea1113e704237a1508a8e85ea2febe8852865a5da0a3ba4127079d341a9287d3ad33
SSDEEP

24576:PmPN7Q8pLY0Y55owQXzfIkkP5vZh4ML7gALdKiuXV/skkdjxM3tVtUCCZVLTHrlL:+C8WLQXzfIkkF4QkCxEtVtUCCZVTl37

Score

10^/10

redline infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb.exe

Resource

win7-20220812-en

redline infostealer spyware

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb.exe

Resource

win10-20220901-en

redline infostealer spyware

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

redline

C2

79.137.192.7:39946

Attributes

auth_value
1bf824f9e711330da076308af2d38832

Targets

- Target
  
  51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb
- Size
  
  2.4MB
- MD5
  
  46f69539e92ff658ed5037ee0320bab1
- SHA1
  
  3b3d4ba743aa43dc61415c6d574cef96d80d6b35
- SHA256
  
  51361e9e75a8d055d92c052704a03420811a08f295ca16985f13c5b5db489feb
- SHA512
  
  f6e0e766d5facca41b2c476eab4418af46c5f3011ac3b06a92dc9851d22cea1113e704237a1508a8e85ea2febe8852865a5da0a3ba4127079d341a9287d3ad33
- SSDEEP
  
  24576:PmPN7Q8pLY0Y55owQXzfIkkP5vZh4ML7gALdKiuXV/skkdjxM3tVtUCCZVLTHrlL:+C8WLQXzfIkkF4QkCxEtVtUCCZVTl37
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware

© 2018-2025

Terms | Privacy