redline | 4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

4d3f328da9...e6.exe

windows7-x64

9

4d3f328da9...e6.exe

windows10-2004-x64

Sharing

General

Target

4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6
Size

474KB
Sample

240616-zw6ytaxgqh
MD5

ff3dfe957c4a50432a070969c887c74e
SHA1

15d00674419d448b92668439f265f0dbb3acb305
SHA256

4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6
SHA512

5842524c90b78e33ed2b59a6ad345f6f8d6671ba15486a9340b103eaad40fc0f4da5ee9c699b1e73db35a8a4936826e1db8e966be73b5c6ba921063a83a1ef82
SSDEEP

12288:Lh1Fk70TnvjcupksZzmlJqEQFLEOrGIvxRjNu9/5Z765bE/M:Rk70Trcp+ml3QeIpRjO5Z724M

Score

10^/10

redline @systemrooted infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6.exe

Resource

win7-20231129-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6.exe

Resource

win10v2004-20240508-en

redline @systemrooted infostealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@systemrooted

C2

45.15.156.167:80

Targets

- Target
  
  4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6
- Size
  
  474KB
- MD5
  
  ff3dfe957c4a50432a070969c887c74e
- SHA1
  
  15d00674419d448b92668439f265f0dbb3acb305
- SHA256
  
  4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6
- SHA512
  
  5842524c90b78e33ed2b59a6ad345f6f8d6671ba15486a9340b103eaad40fc0f4da5ee9c699b1e73db35a8a4936826e1db8e966be73b5c6ba921063a83a1ef82
- SSDEEP
  
  12288:Lh1Fk70TnvjcupksZzmlJqEQFLEOrGIvxRjNu9/5Z765bE/M:Rk70Trcp+ml3QeIpRjO5Z724M
Score

10^/10

redline @systemrooted infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Detects executables packed with unregistered version of .NET Reactor
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redline@systemrootedinfostealer

© 2018-2025

Terms | Privacy