redline | 53d3c5c5053e6d15488441a76a22a66f094c34e4024d10b8f39160291937fe8b | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

333KB
Sample

221217-av65rafh79
MD5

a3eacc39b92bc26aacd3722a8b3bb979
SHA1

d59fb817d04c6979962e4a04a423a12deb6db6a6
SHA256

53d3c5c5053e6d15488441a76a22a66f094c34e4024d10b8f39160291937fe8b
SHA512

4279be6e74511c0814962ebdc37a0d30c27b6a65472120eda8040275721485c24c9d49a8ef2ddf4e08488c24051c1679293c9a94d5c7ca8b0017fcad82eca6be
SSDEEP

6144:WtL09ictVE0X+JnnZxbSjsZ8Gqoupkd0Tvd5V1GiGgz0rF40M2b:WtIkYVEdRajW5C2Gv3f

Score

10^/10

redline @2023@discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

redline @2023@discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@2023@

C2

193.106.191.138:32796

Attributes

auth_value
ca057e5baadfd0774a34a6a949cd5e69

Targets

- Target
  
  file.exe
- Size
  
  333KB
- MD5
  
  a3eacc39b92bc26aacd3722a8b3bb979
- SHA1
  
  d59fb817d04c6979962e4a04a423a12deb6db6a6
- SHA256
  
  53d3c5c5053e6d15488441a76a22a66f094c34e4024d10b8f39160291937fe8b
- SHA512
  
  4279be6e74511c0814962ebdc37a0d30c27b6a65472120eda8040275721485c24c9d49a8ef2ddf4e08488c24051c1679293c9a94d5c7ca8b0017fcad82eca6be
- SSDEEP
  
  6144:WtL09ictVE0X+JnnZxbSjsZ8Gqoupkd0Tvd5V1GiGgz0rF40M2b:WtIkYVEdRajW5C2Gv3f
Score

10^/10

redline @2023@discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@2023@discoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2025

Terms | Privacy