redline | c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e
Size

316KB
Sample

231022-2bxwhseh94
MD5

2ea5f0973fa72e30eee91358042e2ee1
SHA1

444b829ef824a623752343885439dc80274fc43c
SHA256

c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e
SHA512

987b30dd3354bc83957b69ba2ad74507b6eca305947c491c4e73d0090ad37cd493935e3fba734127896e26fd475584571bd1e7c20b4ed369d53c3ce5f85f4b4d
SSDEEP

3072:GB6IW25ma0VuPkPZ+yrTdr/1WLhiTa1xisi3AMa6fJxhrJPXTBDBx0xinMJlXZH:/yXFPk5TJALITExisi9JfJPXTN70Qn

Score

10^/10

redline @oleh_ps microsoft discovery infostealer phishing spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e.exe

Resource

win7-20230831-en

redline @oleh_ps discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e.exe

Resource

win10-20231020-en

redline @oleh_ps microsoft infostealer phishing

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

185.216.70.238:37515

Targets

- Target
  
  c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e
- Size
  
  316KB
- MD5
  
  2ea5f0973fa72e30eee91358042e2ee1
- SHA1
  
  444b829ef824a623752343885439dc80274fc43c
- SHA256
  
  c0f594a7b596ae837b66e85288976bfe55077d510d841cdfe41a0e42325f6c6e
- SHA512
  
  987b30dd3354bc83957b69ba2ad74507b6eca305947c491c4e73d0090ad37cd493935e3fba734127896e26fd475584571bd1e7c20b4ed369d53c3ce5f85f4b4d
- SSDEEP
  
  3072:GB6IW25ma0VuPkPZ+yrTdr/1WLhiTa1xisi3AMa6fJxhrJPXTBDBx0xinMJlXZH:/yXFPk5TJALITExisi9JfJPXTN70Qn
Score

10^/10

redline @oleh_ps discovery infostealer spyware stealer microsoft phishing
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@oleh_psdiscoveryinfostealerspywarestealer

behavioral2

redline@oleh_psmicrosoftinfostealerphishing

© 2018-2025

Terms | Privacy