redline | 71ae72b2655b1faa775b20b3273b9027a4ccdba6ad2bca21ff3d7ee0fff57135 | Triage

Submit
Reports

Overview

overview

Static

static

1

511200316c...f6.exe

windows7-x64

511200316c...f6.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

65c7b30c6293e1ecc3830d07aede9b0e.bin
Size

215KB
Sample

231024-b4yemsbf27
MD5

c37a30546cd3d9266fedb7085ca04787
SHA1

103f378d5dd7ef6981f4c223c1fd0a910cee23ac
SHA256

71ae72b2655b1faa775b20b3273b9027a4ccdba6ad2bca21ff3d7ee0fff57135
SHA512

c45e2f7ae2058a3746281e1ac25ad9cdcff33fb11630c81a13825420311516241d8a2d1f1a528b67489feeb9f9af5f50a45cfc15f8f78a1041d29c90d9e9760c
SSDEEP

6144:q/CkTJRC6qLCeZpMwIhOpqMYg0Pqg4wSX0:ACGJ46qLS9OpqMj0Pqgz

Score

10^/10

redline microsoft discovery infostealer phishing spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

511200316cb76da22104be6e9fa680130d547e83b2b00c062da4719f441df3f6.exe

Resource

win7-20231023-en

redline discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

511200316cb76da22104be6e9fa680130d547e83b2b00c062da4719f441df3f6.exe

Resource

win10v2004-20231023-en

redline microsoft infostealer phishing

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  511200316cb76da22104be6e9fa680130d547e83b2b00c062da4719f441df3f6.exe
- Size
  
  496KB
- MD5
  
  65c7b30c6293e1ecc3830d07aede9b0e
- SHA1
  
  16986d36029df6dea29142da907dec7b4dfa4e31
- SHA256
  
  511200316cb76da22104be6e9fa680130d547e83b2b00c062da4719f441df3f6
- SHA512
  
  74d4393c55769b3a9ef736454e0503cbc1d351e178ae70037563f3a2a8930adc5542c6e1cc747cc829f2e5c4d2e39ee3128723da4e9a5509f908c8d10dc67398
- SSDEEP
  
  12288:68lL1SNQB2o97Hr62k3n/+pLsv9+eXUeF6O1L:b1SNQkAr62k3n/+pAv+e3L
Score

10^/10

redline discovery infostealer spyware stealer microsoft phishing
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinemicrosoftinfostealerphishing

© 2018-2025

Terms | Privacy