redline | d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

winprofile

windows7-x64

1

winprofile

windows10-1703-x64

Sharing

General

Target

d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
Size

1.8MB
Sample

230321-179dradd75
MD5

a631f66eb7c5e6e476ebac0baa5b0dbe
SHA1

3ec553f7caffff701451fad841a7b0d38f538895
SHA256

d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
SHA512

57dfed65f52374400d1f3193442ed2244a6d9797f360a46ef5a998bc8c2a7b30a501f6a0ab080e60541c4f4dce8502e0992d67cb45f69324893c56832438eb45
SSDEEP

24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si

Score

10^/10

redline mix1 infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral2

Sample

d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e.exe

Resource

win10-20230220-en

redline mix1 infostealer spyware stealer

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

mix1

C2

80.85.156.168:20189

Attributes

auth_value
4f9b36b8bfdf2607d3f0e623584037e2

Targets

- Target
  
  d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
- Size
  
  1.8MB
- MD5
  
  a631f66eb7c5e6e476ebac0baa5b0dbe
- SHA1
  
  3ec553f7caffff701451fad841a7b0d38f538895
- SHA256
  
  d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
- SHA512
  
  57dfed65f52374400d1f3193442ed2244a6d9797f360a46ef5a998bc8c2a7b30a501f6a0ab080e60541c4f4dce8502e0992d67cb45f69324893c56832438eb45
- SSDEEP
  
  24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si
Score

10^/10

redline mix1 infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinemix1infostealerspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.