redline | f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

f098890f3a...b9.exe

windows7-x64

f098890f3a...b9.exe

windows10-2004-x64

Sharing

General

Target

f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9.bin
Size

1.0MB
Sample

230501-xymlvafa96
MD5

0f1f20160ec8db10603aefeab47a66dc
SHA1

7b2d9269431e77f8887665c40564a21e997c89a1
SHA256

f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9
SHA512

2e5c8aa4186daf1d9c2b0b1e8f6aa79c058738a51c8698ab0ca2bd64b976029d0f5cea7227d872917d7fa0cf8864866be2081a955a70e591bdd107261b988c8c
SSDEEP

24576:hywNEtThlbVucwn8CDJl6OgCF2DwKfN/i3tsjhD:UwNGvb/CDPXFHKl/8a

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9.bin
- Size
  
  1.0MB
- MD5
  
  0f1f20160ec8db10603aefeab47a66dc
- SHA1
  
  7b2d9269431e77f8887665c40564a21e997c89a1
- SHA256
  
  f098890f3a3ef76f5024724635e10f707971a05e5e1501719312c9206fd9f3b9
- SHA512
  
  2e5c8aa4186daf1d9c2b0b1e8f6aa79c058738a51c8698ab0ca2bd64b976029d0f5cea7227d872917d7fa0cf8864866be2081a955a70e591bdd107261b988c8c
- SSDEEP
  
  24576:hywNEtThlbVucwn8CDJl6OgCF2DwKfN/i3tsjhD:UwNGvb/CDPXFHKl/8a
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy