redline | 6dc671b1584fa593d98f07d458f6f251b7a5be61d06a5fc8e197906010f5f30e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file
Size

1.8MB
Sample

221106-msh2csaddn
MD5

c4a34dadd5bdd435bbd2b601216a8845
SHA1

0e98ada0fb38b22ce20aff1d5c1bca3959e330bc
SHA256

6dc671b1584fa593d98f07d458f6f251b7a5be61d06a5fc8e197906010f5f30e
SHA512

44eecce62f327a64e1f002c3b46a45a8b0c95e844f4d7c91f5ad3db9fd83bf2eeb927bc3df544c60b2c2e0fe7aa455bbacc844f581cccf4762dcbd5b1fe0aa40
SSDEEP

24576:iPXk9u1zxwjp6oU3e4Kspw8NWOY4hqPGWXYQJk/8mckkcmOJZGyzzoV:x9u1VINB45pTtpmGGCsUmq74V

Score

10^/10

redline ross trafer infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

redline ross trafer infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline ross trafer infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Ross Trafer

C2

79.137.204.225:35366

Attributes

auth_value
c13df8b0f711231b91be845c727b3945

Targets

- Target
  
  file
- Size
  
  1.8MB
- MD5
  
  c4a34dadd5bdd435bbd2b601216a8845
- SHA1
  
  0e98ada0fb38b22ce20aff1d5c1bca3959e330bc
- SHA256
  
  6dc671b1584fa593d98f07d458f6f251b7a5be61d06a5fc8e197906010f5f30e
- SHA512
  
  44eecce62f327a64e1f002c3b46a45a8b0c95e844f4d7c91f5ad3db9fd83bf2eeb927bc3df544c60b2c2e0fe7aa455bbacc844f581cccf4762dcbd5b1fe0aa40
- SSDEEP
  
  24576:iPXk9u1zxwjp6oU3e4Kspw8NWOY4hqPGWXYQJk/8mckkcmOJZGyzzoV:x9u1VINB45pTtpmGGCsUmq74V
Score

10^/10

redline ross trafer infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineross traferinfostealerspyware

behavioral2

redlineross traferinfostealerspyware

© 2018-2025

Terms | Privacy