redline | 0372f8e2ae02cf9e52cbd226ff8e1f5fd3c0404858dc41439dd2fe49adfbfadf | Triage

Submit
Reports

Overview

overview

Static

static

3

Script.exe

windows10-2004-x64

Sharing

General

Target

Script.exe
Size

436KB
Sample

240410-vxmt4seh24
MD5

db9f3a98bc34ba5cd74ea5fdbac2fd64
SHA1

9521048c031804b3a004e8817d814fd388de4ebd
SHA256

0372f8e2ae02cf9e52cbd226ff8e1f5fd3c0404858dc41439dd2fe49adfbfadf
SHA512

19ab07f4368d7b91a703b65ee7bc7dc7ddaf3f4a1f10561ac7b38d258bcf1f06c26a7dd3945d2e50bf05ecff65c7219f47aa26fcc59c7586a76e8b13e8ae6b9d
SSDEEP

6144:qM0jq5dOzh7bSLd0dRwVA8mIXagfTG6O0L4WP2UZia8xNeI/rr3S3U:90jq5dYj8vXagfTG6O0LcUkxNH3S3U

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Script.exe

Resource

win10v2004-20240319-en

redline discovery infostealer spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

45.15.156.127:48665

Targets

- Target
  
  Script.exe
- Size
  
  436KB
- MD5
  
  db9f3a98bc34ba5cd74ea5fdbac2fd64
- SHA1
  
  9521048c031804b3a004e8817d814fd388de4ebd
- SHA256
  
  0372f8e2ae02cf9e52cbd226ff8e1f5fd3c0404858dc41439dd2fe49adfbfadf
- SHA512
  
  19ab07f4368d7b91a703b65ee7bc7dc7ddaf3f4a1f10561ac7b38d258bcf1f06c26a7dd3945d2e50bf05ecff65c7219f47aa26fcc59c7586a76e8b13e8ae6b9d
- SSDEEP
  
  6144:qM0jq5dOzh7bSLd0dRwVA8mIXagfTG6O0L4WP2UZia8xNeI/rr3S3U:90jq5dYj8vXagfTG6O0LcUkxNH3S3U
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy