redline | 2840cf91d5a8784745bc4413941969a4cee60c11fc4df04c258263ce79bfc081 | Triage

Submit
Reports

Overview

overview

Static

static

3

6d320c13fc...ec.exe

windows7-x64

6d320c13fc...ec.exe

windows10-2004-x64

Sharing

General

Target

6d320c13fc1842eae443462e46fc46ec.exe
Size

1021KB
Sample

230521-jcdj6abd4w
MD5

6d320c13fc1842eae443462e46fc46ec
SHA1

56ac825bdd911101da7a165b8d34cb7fc8113c39
SHA256

2840cf91d5a8784745bc4413941969a4cee60c11fc4df04c258263ce79bfc081
SHA512

19ad2de2d2ec36d52211e283aa208203728f3d28968812619e107256a4f548022104df2066fa5e5a54eec2be4b1cc4cacd36bdfc88fe94829bb7f4a117746030
SSDEEP

24576:byKajBRipI8GceVXuyOqc29A9wFfpYSLxE9MEpQPEK/5:OKwRi6PVOqBA28CxUK/

Score

10^/10

redline luza discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6d320c13fc1842eae443462e46fc46ec.exe

Resource

win7-20230220-en

redline luza discovery evasion infostealer persistence spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d320c13fc1842eae443462e46fc46ec.exe

Resource

win10v2004-20230220-en

redline luza discovery evasion infostealer persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

luza

C2

185.161.248.37:4138

Attributes

auth_value
1261701914d508e02e8b4f25d38bc7f9

Targets

- Target
  
  6d320c13fc1842eae443462e46fc46ec.exe
- Size
  
  1021KB
- MD5
  
  6d320c13fc1842eae443462e46fc46ec
- SHA1
  
  56ac825bdd911101da7a165b8d34cb7fc8113c39
- SHA256
  
  2840cf91d5a8784745bc4413941969a4cee60c11fc4df04c258263ce79bfc081
- SHA512
  
  19ad2de2d2ec36d52211e283aa208203728f3d28968812619e107256a4f548022104df2066fa5e5a54eec2be4b1cc4cacd36bdfc88fe94829bb7f4a117746030
- SSDEEP
  
  24576:byKajBRipI8GceVXuyOqc29A9wFfpYSLxE9MEpQPEK/5:OKwRi6PVOqBA28CxUK/
Score

10^/10

redline luza discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineluzadiscoveryevasioninfostealerpersistencespywarestealertrojan

behavioral2

redlineluzadiscoveryevasioninfostealerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy