redline | a9818756ed2c31c6410a8161849295a457cedbcb57ef3222f6f15b55e93e8082 | Triage

Submit
Reports

Overview

overview

Static

static

7

d40a01137b...6e.exe

windows7-x64

d40a01137b...6e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5ba5f954be0ccebe4b04a2f7d32b5b70.bin
Size

2.0MB
Sample

230212-bplgjahc2t
MD5

45d0122af67f04857781235176a08e70
SHA1

92d5ae02882aac2e5d79eed02b7cbc33db5ddd0b
SHA256

a9818756ed2c31c6410a8161849295a457cedbcb57ef3222f6f15b55e93e8082
SHA512

64e6aef1e0cbb2480decbe0207cbbf0723988cbc5e1e0829dcde50c89b5d6f883e49b2450f40fc0e253509afce9cd89927afb246d6ff7563c3017675580455fa
SSDEEP

49152:RLvqdnpkJsn9yP5Ez9UTcfsp6WGOqsiixqOr:RLvq8Jsn9wUUY1r4TxFr

Score

10^/10

redline mojno v rot evasion infostealer spyware themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d40a01137b266d7416d640caab27ba34517e899aa8d7e53229d8b78067b02a6e.exe

Resource

win7-20221111-en

redline mojno v rot evasion infostealer themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d40a01137b266d7416d640caab27ba34517e899aa8d7e53229d8b78067b02a6e.exe

Resource

win10v2004-20221111-en

redline mojno v rot evasion infostealer spyware themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mojno v rot

C2

79.137.192.41:40084

Attributes

auth_value
0cd15a7512436db6ce132ddeaf3b5aeb

Targets

- Target
  
  d40a01137b266d7416d640caab27ba34517e899aa8d7e53229d8b78067b02a6e.exe
- Size
  
  2.1MB
- MD5
  
  5ba5f954be0ccebe4b04a2f7d32b5b70
- SHA1
  
  40c2e36b7e79d0b676fe90dcc43d0595219885f6
- SHA256
  
  d40a01137b266d7416d640caab27ba34517e899aa8d7e53229d8b78067b02a6e
- SHA512
  
  ed7daa30bd8fbe5a2b909a8af2c4386bcbd28c84268b18157e6183855d1451a46db1e1f80ab6f2825fa6068dceffc9e98c6cbd13fdff9c21ecfde86bb9637792
- SSDEEP
  
  49152:O0hpg74r02Gv8rLcmPYg+z9DgkfMtpPI/LASf7pBOo6bU0FxZ:O0j04rBr4mQFgkfMtikWpUo0L
Score

10^/10

redline mojno v rot evasion infostealer themida trojan spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemojno v rotevasioninfostealerthemidatrojan

behavioral2

redlinemojno v rotevasioninfostealerspywarethemidatrojan

© 2018-2025

Terms | Privacy