redline | 6badd733b6b2e44bf8636cc72a53ab643461d5b1bd63982586aa38456d30f36a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

219KB
Sample

231121-zjptrsge73
MD5

fdacf3668801073be898676b316190c5
SHA1

62d2fe2cd2b4db1990e8da3ae498ff56e13625ee
SHA256

6badd733b6b2e44bf8636cc72a53ab643461d5b1bd63982586aa38456d30f36a
SHA512

d006a13ca09f7c214deb97612cc40ab586872a6a47ea6a9d89c7ef47f142aa8d6e89f318c04137d418bbb9e324e7090e28d6f7cc166edfebf80384cd296f31bc
SSDEEP

3072:udIBU7bNgcix/GrEA7x2KVSnJ4cRSdc61SawFokcKSQ:udyU7bNgciwrExYSJ4c0G61SXik3

Score

10^/10

redline sq3 discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20231020-en

redline sq3 discovery infostealer spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20231025-en

redline sq3 discovery infostealer spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sq3

C2

194.169.175.220:30615

Targets

- Target
  
  file.exe
- Size
  
  219KB
- MD5
  
  fdacf3668801073be898676b316190c5
- SHA1
  
  62d2fe2cd2b4db1990e8da3ae498ff56e13625ee
- SHA256
  
  6badd733b6b2e44bf8636cc72a53ab643461d5b1bd63982586aa38456d30f36a
- SHA512
  
  d006a13ca09f7c214deb97612cc40ab586872a6a47ea6a9d89c7ef47f142aa8d6e89f318c04137d418bbb9e324e7090e28d6f7cc166edfebf80384cd296f31bc
- SSDEEP
  
  3072:udIBU7bNgcix/GrEA7x2KVSnJ4cRSdc61SawFokcKSQ:udyU7bNgciwrExYSJ4c0G61SXik3
Score

10^/10

redline sq3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesq3discoveryinfostealerspywarestealer

behavioral2

redlinesq3discoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy