redline | c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

c85533dc36...c7.exe

windows7-x64

c85533dc36...c7.exe

windows10-2004-x64

Sharing

General

Target

c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7
Size

2.2MB
Sample

240314-lx7d3sbd68
MD5

b1087aa5a1a538d7ee3bd9c3b774bb38
SHA1

0842a7d8905be9dbe06f9b2bd7376f33373af246
SHA256

c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7
SHA512

46aec87f752382ec9a5ce6f45af70ab54ae3fe158cd2084b27ca55d8224c83417c8a13091648b4b1ffdbf76f2b88ffa0424a76d3619c3516645e70b0c6969cb6
SSDEEP

24576:EQ1OwhF5/u7S/OiUVkcOpckjLDSvWrtaG2cskcA8AvuyLdk0JdQGwct28MENdhX2:DMwP5/u79ScOqkjqOrnq29QFxa

Score

10^/10

redline legaa infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7.exe

Resource

win7-20231129-en

redline legaa infostealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7.exe

Resource

win10v2004-20240226-en

redline legaa infostealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Legaa

C2

185.172.128.33:38294

Targets

- Target
  
  c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7
- Size
  
  2.2MB
- MD5
  
  b1087aa5a1a538d7ee3bd9c3b774bb38
- SHA1
  
  0842a7d8905be9dbe06f9b2bd7376f33373af246
- SHA256
  
  c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7
- SHA512
  
  46aec87f752382ec9a5ce6f45af70ab54ae3fe158cd2084b27ca55d8224c83417c8a13091648b4b1ffdbf76f2b88ffa0424a76d3619c3516645e70b0c6969cb6
- SSDEEP
  
  24576:EQ1OwhF5/u7S/OiUVkcOpckjLDSvWrtaG2cskcA8AvuyLdk0JdQGwct28MENdhX2:DMwP5/u79ScOqkjqOrnq29QFxa
Score

10^/10

redline legaa infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinelegaainfostealer

behavioral2

redlinelegaainfostealer

© 2018-2025

Terms | Privacy