redline | f7408ac079050ef9b68f30d000f8192d5cac81d837d5b3f68518f3cfe9a91b10 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

MS Office Plus 2021.rar
Size

4.9MB
Sample

221127-zpmllacg5s
MD5

f17c2876bf38313e0e4ba0ca74820546
SHA1

597e28b0f2684cd26296b44f35f275bc07c845fb
SHA256

f7408ac079050ef9b68f30d000f8192d5cac81d837d5b3f68518f3cfe9a91b10
SHA512

f0f21481fff6deeb093384943ea347281d81da41c2bdd39ecb4deeadfd4370f27ae6d8f275ec55dcf51ea8f5688722fda69495550cd6e17a244b552413032cf5
SSDEEP

98304:VA86AOq/cENWkbb6DqQ+FAOmN3oIao/LvaQ482RMIdutZxdXBjkCdygcQK7ORFm:VT//tWkXuqp6BUot482Nd+ZaZgAkY

Score

10^/10

redline infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20221111-en

redline infostealer spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20221111-en

redline infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes

auth_value
1c8ff7dee822ac80430e5d694755817e

Targets

- Target
  
  Setup.exe
- Size
  
  214KB
- MD5
  
  066e4ddca165ce3d51e127edef3ad79a
- SHA1
  
  3f5c07a22ebe53ad58dc954c9788c6110abb1d31
- SHA256
  
  83532232c4fd411da4181c80b884c8d8f752397316fcfc1da1d72044a5079e66
- SHA512
  
  fca5f1b0a1edc09f0f5c400f74d6aee7151c323af04f0d8c97b025e7df15c7f3e93b307074f86eab7a56136148c2e0334532a304f6a84eeb8b16d25fc7185222
- SSDEEP
  
  6144:lG/vV4vU6l1mFsX8806bk5N4LAyfXiU+9:lmw8c88zjfXiU+
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealer

© 2018-2025

Terms | Privacy