redline | f004a6b85ea2006cf3849e4ddee42a2df74a43707c835ef916344d565d2dccff | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

GENSHIN_ESP_AIM.exe

windows7-x64

GENSHIN_ESP_AIM.exe

windows10-2004-x64

Sharing

General

Target

GENSHIN_ESP_AIM.exe
Size

367KB
Sample

230603-hqx1aagc3x
MD5

403512d851024c4e3efb3cf61e5058d1
SHA1

24354abc6d58b9d4fc4d95380e7639473b2b45e5
SHA256

f004a6b85ea2006cf3849e4ddee42a2df74a43707c835ef916344d565d2dccff
SHA512

962f157e2d43142abc74ab728919693937ac61ac9107787c393929b26cb23c5e2846567873404b287f747df1b3c66f87c6cec14345b46079f77e49845842724c
SSDEEP

3072:zcSg6LmU8Rz+644/mEymgPvwiDmR0yW5IKQOzOUax7glWBJtCziX8sbSXXq5iRym:Axm6zHi8WmhOba7gluJoeXphiom

Score

10^/10

redline 835252574 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

GENSHIN_ESP_AIM.exe

Resource

win7-20230220-en

redline 835252574 infostealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

GENSHIN_ESP_AIM.exe

Resource

win10v2004-20230220-en

redline 835252574 infostealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

835252574

C2

disdoctor.top:40309

Attributes

auth_value
eb1555006dcf91279c06d36896e53b47

Targets

- Target
  
  GENSHIN_ESP_AIM.exe
- Size
  
  367KB
- MD5
  
  403512d851024c4e3efb3cf61e5058d1
- SHA1
  
  24354abc6d58b9d4fc4d95380e7639473b2b45e5
- SHA256
  
  f004a6b85ea2006cf3849e4ddee42a2df74a43707c835ef916344d565d2dccff
- SHA512
  
  962f157e2d43142abc74ab728919693937ac61ac9107787c393929b26cb23c5e2846567873404b287f747df1b3c66f87c6cec14345b46079f77e49845842724c
- SSDEEP
  
  3072:zcSg6LmU8Rz+644/mEymgPvwiDmR0yW5IKQOzOUax7glWBJtCziX8sbSXXq5iRym:Axm6zHi8WmhOba7gluJoeXphiom
Score

10^/10

redline 835252574 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline835252574infostealer

behavioral2

redline835252574infostealer

© 2018-2025

Terms | Privacy