redline | 2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2dc744e64d...cf.exe

windows7-x64

2dc744e64d...cf.exe

windows10-2004-x64

Sharing

General

Target

2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf.bin
Size

1.1MB
Sample

230506-zzr9tseg45
MD5

ad246420edbfa3b201927609651d8cc3
SHA1

1837216d45093adc537c8327223b8e806c69c198
SHA256

2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf
SHA512

2d5dc85b80321cde2986031ffcbc7099d86608a0c33690c38b795737ad0157a5b0af4ecaad77544d8730d4972f80423c80a5d43f41280f1c676f5fdeade65120
SSDEEP

24576:+y+NTfwOGYi5Md+QyWV1OW4ediXd6Frj8bj/ke:N+NTfw49jygOW4ednrIX

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf.bin
- Size
  
  1.1MB
- MD5
  
  ad246420edbfa3b201927609651d8cc3
- SHA1
  
  1837216d45093adc537c8327223b8e806c69c198
- SHA256
  
  2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf
- SHA512
  
  2d5dc85b80321cde2986031ffcbc7099d86608a0c33690c38b795737ad0157a5b0af4ecaad77544d8730d4972f80423c80a5d43f41280f1c676f5fdeade65120
- SSDEEP
  
  24576:+y+NTfwOGYi5Md+QyWV1OW4ediXd6Frj8bj/ke:N+NTfw49jygOW4ednrIX
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy