redline | a8c77385ffdc2415e9d142ca63d5a264e01a33e8945b1af72b828ca1f537e107 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

9.8MB
Sample

221202-y7py1abc76
MD5

1f916244921ac659394380d2de6a7ae9
SHA1

7e2073fe760394b6105e20fcd159aba819e48d80
SHA256

a8c77385ffdc2415e9d142ca63d5a264e01a33e8945b1af72b828ca1f537e107
SHA512

e12743e6c8fac20c3c4e62e12cc6a65757efcbff8881b4dfbaef0f9694169229e3352213bff11938756ebe00e10064649311f34577b08ec685b5a9fdb0f382c1
SSDEEP

98304:OTjLkigLATnhWgxDdorGd2iqSBEMKUX0eUsvJHEtPsC8ezht:YVgLynhWWDdY02iqSK1UkhUJYEC8Kt

Score

10^/10

redline discovery evasion infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

redline discovery evasion infostealer spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  9.8MB
- MD5
  
  1f916244921ac659394380d2de6a7ae9
- SHA1
  
  7e2073fe760394b6105e20fcd159aba819e48d80
- SHA256
  
  a8c77385ffdc2415e9d142ca63d5a264e01a33e8945b1af72b828ca1f537e107
- SHA512
  
  e12743e6c8fac20c3c4e62e12cc6a65757efcbff8881b4dfbaef0f9694169229e3352213bff11938756ebe00e10064649311f34577b08ec685b5a9fdb0f382c1
- SSDEEP
  
  98304:OTjLkigLATnhWgxDdorGd2iqSBEMKUX0eUsvJHEtPsC8ezht:YVgLynhWWDdY02iqSK1UkhUJYEC8Kt
Score

10^/10

redline discovery evasion infostealer spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryevasioninfostealerspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy