redline | a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0x00030000...83.exe

windows7-x64

0x00030000...83.exe

windows10-2004-x64

Sharing

General

Target

0x0003000000000735-183.dat
Size

168KB
Sample

230506-r2jrgahe86
MD5

757db55f2bfa8548170d057df2329fd0
SHA1

e4233da9b945e7189588a713ead993bab327e39d
SHA256

a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe
SHA512

bf71363bbfef0dfa87b74c6549b1dec904dc41ddf6e6f6f83dde1f7d9213e667a758aec67a120e7341cb422b46d23534e38d3df14fc57be9b811b7532bb5b64a
SSDEEP

1536:XxB0RhlTQqlVZRGWggKbrGawXXkLYppppn/GTGqV0buXtXJKmE7n483wYkd8e8h1:XmtGRWUEppppn7qVMQZKmE7n4r8e8h1

Score

10^/10

redline dariy discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x0003000000000735-183.exe

Resource

win7-20230220-en

redline dariy discovery infostealer spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x0003000000000735-183.exe

Resource

win10v2004-20230220-en

redline dariy discovery infostealer spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dariy

C2

217.196.96.101:4132

Attributes

auth_value
2f34aa0d1cb1023a826825b68ebedcc8

Targets

- Target
  
  0x0003000000000735-183.dat
- Size
  
  168KB
- MD5
  
  757db55f2bfa8548170d057df2329fd0
- SHA1
  
  e4233da9b945e7189588a713ead993bab327e39d
- SHA256
  
  a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe
- SHA512
  
  bf71363bbfef0dfa87b74c6549b1dec904dc41ddf6e6f6f83dde1f7d9213e667a758aec67a120e7341cb422b46d23534e38d3df14fc57be9b811b7532bb5b64a
- SSDEEP
  
  1536:XxB0RhlTQqlVZRGWggKbrGawXXkLYppppn/GTGqV0buXtXJKmE7n483wYkd8e8h1:XmtGRWUEppppn7qVMQZKmE7n4r8e8h1
Score

10^/10

redline dariy discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedariydiscoveryinfostealerspywarestealer

behavioral2

redlinedariydiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.