redline | 10cca04eb33c5fc4355340adf0ce32a4885a65c2d2c0120c03bacd04ed246d20 | Triage

Submit
Reports

Overview

overview

Static

static

3

ae0a2aae89...e2.exe

windows7-x64

ae0a2aae89...e2.exe

windows10-2004-x64

Sharing

General

Target

d14c235d198e12d1c0059ac99858109d.bin
Size

986KB
Sample

230522-b5fafsgc3z
MD5

7dcf0b8496006dac98c690f8f664acec
SHA1

383f3f58d767b4bbdce5ebdc47fd6a4ffc154317
SHA256

10cca04eb33c5fc4355340adf0ce32a4885a65c2d2c0120c03bacd04ed246d20
SHA512

717ed324250babb0315239789f959d1253e12ca8c7d42ebf2b990ef856bdc9708eb5baefe1ab1c52d7c992c63ca7766d3c1c96435a013a5dcfdf2eaa24f774dd
SSDEEP

24576:+3V00UKZGO1J/mRIu6SQsRjfEVKjZzBSJ3TdvtWCgfmMRM21f:g2KrnvPSQsRzE0WFtJpsf

Score

10^/10

redline deren discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ae0a2aae897c68130237e73f58ab75386ff97f9ddb5d8ddf78e27c7fb1a7a4e2.exe

Resource

win7-20230220-en

redline deren discovery evasion infostealer persistence spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae0a2aae897c68130237e73f58ab75386ff97f9ddb5d8ddf78e27c7fb1a7a4e2.exe

Resource

win10v2004-20230221-en

redline deren discovery evasion infostealer persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

deren

C2

77.91.68.253:19065

Attributes

auth_value
04a169f1fb198bfbeca74d0e06ea2d54

Targets

- Target
  
  ae0a2aae897c68130237e73f58ab75386ff97f9ddb5d8ddf78e27c7fb1a7a4e2.exe
- Size
  
  1.0MB
- MD5
  
  d14c235d198e12d1c0059ac99858109d
- SHA1
  
  7733d92c6ccc105134ac5b6ea4158682a4be8c30
- SHA256
  
  ae0a2aae897c68130237e73f58ab75386ff97f9ddb5d8ddf78e27c7fb1a7a4e2
- SHA512
  
  dfc5cea78dbc8f9cb979b61d77a810a8615cbbf6f1fe64147dbb935d31370258593e09eddeb83b2acbf9c3621358e13706f7684dae55937a409d4972b06db095
- SSDEEP
  
  24576:Vy6T4N2MefcJuxD63pcm42E7mNVe5sq2rWvUdhTud9yumxto:w60TefcJKOnHjuchTudUt
Score

10^/10

redline deren discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinederendiscoveryevasioninfostealerpersistencespywarestealertrojan

behavioral2

redlinederendiscoveryevasioninfostealerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy