redline | 163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c | Triage

Submit
Reports

Overview

overview

Static

static

1

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c
Size

1.0MB
Sample

230529-17ejdadg43
MD5

281801fd754cc5e512838f718d06cdd3
SHA1

2899f535e7768135f601e9a63d314ce08351688a
SHA256

163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c
SHA512

6b5d95af6bf819a70d5908d5d6bc3f03439d1bf593dd41d7b2b25bd55d35901088afd04829228ac4cfc0ba21b239f774ab1fd0b1a8bb1a92d2f6749885e265f8
SSDEEP

12288:RWm4lF7puPeaX2jKaLodwWLt3v58ulLkq7h:MoWFeeoKUtf5jLl9

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c.exe

Resource

win7-20230220-en

redline discovery infostealer spyware stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c.exe

Resource

win10-20230220-en

redline discovery infostealer spyware stealer

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c
- Size
  
  1.0MB
- MD5
  
  281801fd754cc5e512838f718d06cdd3
- SHA1
  
  2899f535e7768135f601e9a63d314ce08351688a
- SHA256
  
  163d43f4a55373c2f5d43bc17c8639fd3734b534346830acf6364c5f647d3e5c
- SHA512
  
  6b5d95af6bf819a70d5908d5d6bc3f03439d1bf593dd41d7b2b25bd55d35901088afd04829228ac4cfc0ba21b239f774ab1fd0b1a8bb1a92d2f6749885e265f8
- SSDEEP
  
  12288:RWm4lF7puPeaX2jKaLodwWLt3v58ulLkq7h:MoWFeeoKUtf5jLl9
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy