redline | b254d9ed08f3a7398fa49ea2b511ba5591c581c6843518048a60569d949dea9c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

9cf3a49099...0N.exe

windows7-x64

3

9cf3a49099...0N.exe

windows10-2004-x64

Sharing

General

Target

9cf3a490991a8c8bf088d3e96258c0a0N.exe
Size

968KB
Sample

240820-1qd7aavepb
MD5

9cf3a490991a8c8bf088d3e96258c0a0
SHA1

0579860ae04ccfe20c59f86c99e060c9114179b3
SHA256

b254d9ed08f3a7398fa49ea2b511ba5591c581c6843518048a60569d949dea9c
SHA512

e22e83bab96280aed6b329a4476ed5d24536a1f3eb662583bf32509868bb9523a4309e58a4f73528305285e7d8d1d5a566cd9207b167c1291f4dc3de1a978694
SSDEEP

12288:JXCeCOfdk+VhmheZCVtqO9bES8zOFHKPJi4/ubnYLlJ6Gug2tV3:PCMdk+VhpZCVtqxGKPJ3Lz45J

Score

10^/10

redline 5195552529 discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

9cf3a490991a8c8bf088d3e96258c0a0N.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

120 seconds

Behavioral task

behavioral2

Sample

9cf3a490991a8c8bf088d3e96258c0a0N.exe

Resource

win10v2004-20240802-en

redline 5195552529 discovery infostealer

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

5195552529

C2

https://pastebin.com/raw/NgsUAPya

Targets

- Target
  
  9cf3a490991a8c8bf088d3e96258c0a0N.exe
- Size
  
  968KB
- MD5
  
  9cf3a490991a8c8bf088d3e96258c0a0
- SHA1
  
  0579860ae04ccfe20c59f86c99e060c9114179b3
- SHA256
  
  b254d9ed08f3a7398fa49ea2b511ba5591c581c6843518048a60569d949dea9c
- SHA512
  
  e22e83bab96280aed6b329a4476ed5d24536a1f3eb662583bf32509868bb9523a4309e58a4f73528305285e7d8d1d5a566cd9207b167c1291f4dc3de1a978694
- SSDEEP
  
  12288:JXCeCOfdk+VhmheZCVtqO9bES8zOFHKPJi4/ubnYLlJ6Gug2tV3:PCMdk+VhpZCVtqxGKPJ3Lz45J
Score

10^/10

discovery redline 5195552529 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline5195552529discoveryinfostealer

© 2018-2025

Terms | Privacy