redline | a0450c79462df181c6d792a1a1dd75b4ffe9187a89984c6edd44a3aa59234c0c | Triage

Submit
Reports

Overview

overview

Static

static

1

NewInvoice.hta

windows7-x64

3

NewInvoice.hta

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NewInvoice.hta
Size

33KB
Sample

230612-rm8r2sda7x
MD5

bd67157d85b0a64283578d60f413d8e6
SHA1

a8ad3bb2fd9739e788b5818e3afc0f419efb5886
SHA256

a0450c79462df181c6d792a1a1dd75b4ffe9187a89984c6edd44a3aa59234c0c
SHA512

0c25e1bdd2e3bd6e45385b030f5e5d2b740277a9e9f07ab319d869d97c2a83825869fe5d08154c3ab5091d834b1ee8e85901e75002066ab16a4043b2c901945b
SSDEEP

768:Wjs8sWFSWGWwiWfwAYcDuxxYMJO9zYGIfWkdYQj5vZ5i:WjdsWFSWGWbWfwAYcDuxxM9sGIfWYYQ8

Score

10^/10

redline discovery evasion infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NewInvoice.hta

Resource

win7-20230220-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

NewInvoice.hta

Resource

win10v2004-20230220-en

redline discovery evasion infostealer spyware stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  NewInvoice.hta
- Size
  
  33KB
- MD5
  
  bd67157d85b0a64283578d60f413d8e6
- SHA1
  
  a8ad3bb2fd9739e788b5818e3afc0f419efb5886
- SHA256
  
  a0450c79462df181c6d792a1a1dd75b4ffe9187a89984c6edd44a3aa59234c0c
- SHA512
  
  0c25e1bdd2e3bd6e45385b030f5e5d2b740277a9e9f07ab319d869d97c2a83825869fe5d08154c3ab5091d834b1ee8e85901e75002066ab16a4043b2c901945b
- SSDEEP
  
  768:Wjs8sWFSWGWwiWfwAYcDuxxYMJO9zYGIfWkdYQj5vZ5i:WjdsWFSWGWbWfwAYcDuxxM9sGIfWYYQ8
Score

10^/10

redline discovery evasion infostealer spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinediscoveryevasioninfostealerspywarestealertrojan

© 2018-2025

Terms | Privacy