redline | 697341461993ea5a75936c40d11974ea7509fb895b779e978a7fbb402d28d01d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

c021c9c39e...be.exe

windows7-x64

c021c9c39e...be.exe

windows10-2004-x64

Sharing

General

Target

c021c9c39eb9129916a5ed2cad370bbe.exe
Size

373KB
Sample

230302-wjkm9sdf8s
MD5

c021c9c39eb9129916a5ed2cad370bbe
SHA1

655d22c01a759094984b062b05d43dbcdcb22d9a
SHA256

697341461993ea5a75936c40d11974ea7509fb895b779e978a7fbb402d28d01d
SHA512

2fe7129677524dce08d9e64a18b22fde0e7dfa487592fa7cc2726b1b0ba58e0d6c619e9bd949edc7eadeca8d5b42c215ac3f6d94bdf1f2c97c935b2706d8b6ae
SSDEEP

6144:p0ay3LzgrOzHu2LBNDd0Uwg0BHaK87RpeNnAsXRZ+9n:pQ3vgrOzHDNPNXeZ8

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c021c9c39eb9129916a5ed2cad370bbe.exe

Resource

win7-20230220-en

redline discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c021c9c39eb9129916a5ed2cad370bbe.exe

Resource

win10v2004-20230220-en

redline discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c021c9c39eb9129916a5ed2cad370bbe.exe
- Size
  
  373KB
- MD5
  
  c021c9c39eb9129916a5ed2cad370bbe
- SHA1
  
  655d22c01a759094984b062b05d43dbcdcb22d9a
- SHA256
  
  697341461993ea5a75936c40d11974ea7509fb895b779e978a7fbb402d28d01d
- SHA512
  
  2fe7129677524dce08d9e64a18b22fde0e7dfa487592fa7cc2726b1b0ba58e0d6c619e9bd949edc7eadeca8d5b42c215ac3f6d94bdf1f2c97c935b2706d8b6ae
- SSDEEP
  
  6144:p0ay3LzgrOzHu2LBNDd0Uwg0BHaK87RpeNnAsXRZ+9n:pQ3vgrOzHDNPNXeZ8
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy