redline | 57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a
Size

2.4MB
Sample

221101-lhc7paacf9
MD5

77b6b449e5d2ba9255a4bea7675762b5
SHA1

ab0765b544dc0aefd9b0ffd50d2b73f890e9c3ae
SHA256

57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a
SHA512

9287309c7472e46d6c6af3b422e74cb69e75041517cb6f978025781f6550defa67de8daf17c5abad653807b48850939f0678dc7355ae780544f4500bcc5bb74d
SSDEEP

24576:+chiQ8pLY0Y55owQXzfIkkP5vZh4ML7gALdKiuXV/szl1ktVtUCCZVLSX6l3RuQr:5F8WLQXzfIkkF4QzLktVtUCCZVjl3L

Score

10^/10

redline infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a.exe

Resource

win7-20220812-en

redline infostealer spyware

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a.exe

Resource

win10-20220901-en

redline infostealer spyware

windows10-1703-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

redline

C2

185.215.113.69:15544

Attributes

auth_value
158d11bcb0981d36081a79814471392e

Targets

- Target
  
  57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a
- Size
  
  2.4MB
- MD5
  
  77b6b449e5d2ba9255a4bea7675762b5
- SHA1
  
  ab0765b544dc0aefd9b0ffd50d2b73f890e9c3ae
- SHA256
  
  57031bcacf380df05eb7a219adcc5f0d58c8313883bed2b838670ced8b92302a
- SHA512
  
  9287309c7472e46d6c6af3b422e74cb69e75041517cb6f978025781f6550defa67de8daf17c5abad653807b48850939f0678dc7355ae780544f4500bcc5bb74d
- SSDEEP
  
  24576:+chiQ8pLY0Y55owQXzfIkkP5vZh4ML7gALdKiuXV/szl1ktVtUCCZVLSX6l3RuQr:5F8WLQXzfIkkF4QzLktVtUCCZVjl3L
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware

© 2018-2025

Terms | Privacy