redline | 5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a | Triage

Submit
Reports

Overview

overview

Static

static

3

5d06ec15c9...3a.exe

windows7-x64

5d06ec15c9...3a.exe

windows10-2004-x64

Sharing

General

Target

5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a.exe
Size

313KB
Sample

240906-bpkj8sybjm
MD5

324d2a434b8a3e038661a75587e303b8
SHA1

21e1be17da8e401a5928f5cdf5c262cefb305910
SHA256

5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a
SHA512

eaf7d0393a62b2187614b3234a280d938ac2cbb9659117b39b2d482c909dea207b685ff7be46b4045468628958a03aa460f9dbc71b1566f54f2f252c934fd374
SSDEEP

6144:xJcrjyufnjS1Ht3pHjDNItvNoCOD6iuh52HK7q1BU0H:HUuufjSVbJnn650K21

Score

10^/10

redline @poretynojem credential_access discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a.exe

Resource

win7-20240903-en

redline @poretynojem credential_access discovery infostealer spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a.exe

Resource

win10v2004-20240802-en

redline @poretynojem credential_access discovery infostealer spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@PORETYNOJEM

C2

185.215.113.22:80

Targets

- Target
  
  5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a.exe
- Size
  
  313KB
- MD5
  
  324d2a434b8a3e038661a75587e303b8
- SHA1
  
  21e1be17da8e401a5928f5cdf5c262cefb305910
- SHA256
  
  5d06ec15c9349e9ae13d477fdab3d1a50b9bf784a726aff3a48dbcd5f99e493a
- SHA512
  
  eaf7d0393a62b2187614b3234a280d938ac2cbb9659117b39b2d482c909dea207b685ff7be46b4045468628958a03aa460f9dbc71b1566f54f2f252c934fd374
- SSDEEP
  
  6144:xJcrjyufnjS1Ht3pHjDNItvNoCOD6iuh52HK7q1BU0H:HUuufjSVbJnn650K21
Score

10^/10

redline @poretynojem credential_access discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@poretynojemcredential_accessdiscoveryinfostealerspywarestealer

behavioral2

redline@poretynojemcredential_accessdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy