redline | 0747e227e1a6665c2b465a4756e1a58efde6cce11766f6c9671b881c24cbc035 | Triage

Submit
Reports

Overview

overview

Static

static

1

cd1e0d4ae0...93.exe

windows7-x64

cd1e0d4ae0...93.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

cd1e0d4ae01fffbaf59dd97337130293.exe
Size

531KB
Sample

230305-f4vqzafg72
MD5

cd1e0d4ae01fffbaf59dd97337130293
SHA1

ea2d45052b72afb52d7a1c9f69cf6b1e180cd63c
SHA256

0747e227e1a6665c2b465a4756e1a58efde6cce11766f6c9671b881c24cbc035
SHA512

c4c591f0c9e4970a35395add4ce4babf9d561e3d4d938ccbf5ff89dd26f2f5cf37f06d6b36185e6ea1017e969b68c28348a9ec7c2c6d2e0f1399181c07591ff9
SSDEEP

12288:+MrSy90YN8vh+lTa3A41PefWG8YrxA7kRvu:MyQhQaw4QfW8y7J

Score

10^/10

redline filon rulit discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cd1e0d4ae01fffbaf59dd97337130293.exe

Resource

win7-20230220-en

redline filon rulit discovery evasion infostealer persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd1e0d4ae01fffbaf59dd97337130293.exe

Resource

win10v2004-20230220-en

redline filon rulit discovery evasion infostealer persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

rulit

C2

pedigj.eu:4162

Attributes

auth_value
f4df9ef56871d4ac883b282abaf635e0

Extracted

Family

redline

Botnet

filon

C2

193.233.20.24:4123

Attributes

auth_value
f561e6a71c36ff1cef8c9bea12ae5256

Targets

- Target
  
  cd1e0d4ae01fffbaf59dd97337130293.exe
- Size
  
  531KB
- MD5
  
  cd1e0d4ae01fffbaf59dd97337130293
- SHA1
  
  ea2d45052b72afb52d7a1c9f69cf6b1e180cd63c
- SHA256
  
  0747e227e1a6665c2b465a4756e1a58efde6cce11766f6c9671b881c24cbc035
- SHA512
  
  c4c591f0c9e4970a35395add4ce4babf9d561e3d4d938ccbf5ff89dd26f2f5cf37f06d6b36185e6ea1017e969b68c28348a9ec7c2c6d2e0f1399181c07591ff9
- SSDEEP
  
  12288:+MrSy90YN8vh+lTa3A41PefWG8YrxA7kRvu:MyQhQaw4QfW8y7J
Score

10^/10

redline filon rulit discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefilonrulitdiscoveryevasioninfostealerpersistencespywarestealertrojan

behavioral2

redlinefilonrulitdiscoveryevasioninfostealerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy