redline | 95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235 | Triage

Submit
Reports

Overview

overview

Static

static

1

[V2]launcher.exe

windows7-x64

[V2]launcher.exe

windows10-2004-x64

Sharing

General

Target

[V2]launcher.exe
Size

10.4MB
Sample

240501-wqv3ksfa69
MD5

22cee31b95cb8b6a767419a460aaaeb0
SHA1

0c5c38bd43b0e2a739ec7a75f53d829b7f9f99fb
SHA256

95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235
SHA512

3caae26df9b971a72ad1f904aea02279e3550ec4e5f58ef3ec6dad6db3c35ce9cda6d28d06030aa8cd64fa84dd57a70df59db5884dc22e255cfd36f9a77f8f2e
SSDEEP

6144:5n/Nq7BfxS++CICXPcxK0sdyCJoe2WdD4tGPFO9XMH5KJaRHdZQD:5n/4Nfr5xjdyCCWJ4toQY7WD

Score

10^/10

redline @felnan32007 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

[V2]launcher.exe

Resource

win7-20240221-en

redline @felnan32007 discovery infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

[V2]launcher.exe

Resource

win10v2004-20240226-en

redline @felnan32007 discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Felnan32007

C2

45.15.156.167:80

Targets

- Target
  
  [V2]launcher.exe
- Size
  
  10.4MB
- MD5
  
  22cee31b95cb8b6a767419a460aaaeb0
- SHA1
  
  0c5c38bd43b0e2a739ec7a75f53d829b7f9f99fb
- SHA256
  
  95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235
- SHA512
  
  3caae26df9b971a72ad1f904aea02279e3550ec4e5f58ef3ec6dad6db3c35ce9cda6d28d06030aa8cd64fa84dd57a70df59db5884dc22e255cfd36f9a77f8f2e
- SSDEEP
  
  6144:5n/Nq7BfxS++CICXPcxK0sdyCJoe2WdD4tGPFO9XMH5KJaRHdZQD:5n/4Nfr5xjdyCCWJ4toQY7WD
Score

10^/10

redline @felnan32007 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@felnan32007discoveryinfostealerspywarestealer

behavioral2

redline@felnan32007discoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy