redline | d82e1dd68e84dcf224d8aa0634dda76d4d5e04366118a4e0c76cc21f407991df | Triage

Submit
Reports

Overview

overview

Static

static

3

1e4058c6b0...02.exe

windows7-x64

1e4058c6b0...02.exe

windows10-2004-x64

Sharing

General

Target

01a058544747cb9c40cd3244f872aaf6.bin
Size

977KB
Sample

230522-bcmttsga6x
MD5

4bc71fcaf06bc8ffa23961a0d08256ac
SHA1

91258b79cef35fe153de71a6c43008e9fa82c2dd
SHA256

d82e1dd68e84dcf224d8aa0634dda76d4d5e04366118a4e0c76cc21f407991df
SHA512

8c09b97a1be2484e5853c756dd3c5734adfddf90013b7309c9c01e032cf2cfb48e51048ec8fcab4bb0c312b0417b4c96d2e701b8de66058a9bb3a01be1fd73ce
SSDEEP

24576:fFGF1kqPeAbfR7cjohNXo9YdidsrF48GgdBU6cqeSuZk2TH9ELUUXf:fk1brRAUnF0QUzSEXaLrXf

Score

10^/10

redline maxa discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e4058c6b0bd52150234dc9b3526be246f34340a43d57dde72b169320eb27c02.exe

Resource

win7-20230220-en

redline maxa discovery evasion infostealer persistence spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e4058c6b0bd52150234dc9b3526be246f34340a43d57dde72b169320eb27c02.exe

Resource

win10v2004-20230220-en

redline maxa discovery evasion infostealer persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

maxa

C2

77.91.124.251:19065

Attributes

auth_value
3c06ec6b3eea9db7536a57bcc13f5bef

Targets

- Target
  
  1e4058c6b0bd52150234dc9b3526be246f34340a43d57dde72b169320eb27c02.exe
- Size
  
  1021KB
- MD5
  
  01a058544747cb9c40cd3244f872aaf6
- SHA1
  
  67774ac6c271abe04c35f5bc917db5e1eee55c4e
- SHA256
  
  1e4058c6b0bd52150234dc9b3526be246f34340a43d57dde72b169320eb27c02
- SHA512
  
  db4cd070fc7fa27b728186843d1724eee70186b45e268e6b6aa31049e845562bbc0e9aaad332c02637705bcfa31572cc13ae41eb9c83a8c1a784f5b4435cbb13
- SSDEEP
  
  24576:My39B3Vr53HA6sqZ2St0xBH44DmJQZ+UYvd/VSt9:7DlF3HA6sqsK0xBHHxZ+dvVV
Score

10^/10

redline maxa discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemaxadiscoveryevasioninfostealerpersistencespywarestealertrojan

behavioral2

redlinemaxadiscoveryevasioninfostealerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy