redline | a71bc1a9c73d95cfcada85c017b39e7d8b0aa6c8c80ef0410ab38a289a9871e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

ff796cfa47...4f.exe

windows7-x64

ff796cfa47...4f.exe

windows10-2004-x64

Sharing

General

Target

f762efaa3e352116c34152f01a8eb700
Size

307KB
Sample

241110-29t8aazqdn
MD5

f762efaa3e352116c34152f01a8eb700
SHA1

f593a1794f7f52d9b2202b89d094a0d6f1d066d8
SHA256

a71bc1a9c73d95cfcada85c017b39e7d8b0aa6c8c80ef0410ab38a289a9871e1
SHA512

8db3a50233137f5b0a268bcd193f87f14bcc3ff18be2b45d1274b00a5a063d464a5ab9b53b57abd7a4fd8b2c1f88d7f87a47ad4feb2a6648a6f2d7af6021afe8
SSDEEP

6144:x1xoGInu4abaC/0kjjIGa/oHOcQKP2vZ/8586oehB5V8R5Dfz7q:x1xoGInu4Nl3/QjPq85RtB5WXDfzO

Score

10^/10

redline lyla10.11 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff796cfa476a4dc68d5d01340d99ce2aa76add70ea69f751ca0fa48f4b03724f.exe

Resource

win7-20241010-en

redline lyla10.11 discovery infostealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff796cfa476a4dc68d5d01340d99ce2aa76add70ea69f751ca0fa48f4b03724f.exe

Resource

win10v2004-20241007-en

redline lyla10.11 discovery infostealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Lyla10.11

C2

185.215.113.216:21921

Attributes

auth_value
b78918bf192f26624c358e966a70107f

Targets

- Target
  
  ff796cfa476a4dc68d5d01340d99ce2aa76add70ea69f751ca0fa48f4b03724f.exe
- Size
  
  387KB
- MD5
  
  7c633602c37572f5c0134c56ffb03d4d
- SHA1
  
  d0f59a62757b426eca5be2838f165e7f3ca63b23
- SHA256
  
  ff796cfa476a4dc68d5d01340d99ce2aa76add70ea69f751ca0fa48f4b03724f
- SHA512
  
  2c8e8ebb33575c96a9130865cdf7f5abbf73cc379de7e6d140aaa9fbe7b8c8c91eb5bde3b51a6b92563aa291e151800f022761061fb3fb9b5e33e2dd0238ba51
- SSDEEP
  
  6144:HarYp69LhPz7fWS1bKtWM9bKlBNRjhZJh1qWeR4kAe8KxqK5g21TUxrOXWsiT4Vl:6fPzjoTOjntZJh1qWeR4kaNWTDNMc7
Score

10^/10

redline lyla10.11 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelyla10.11discoveryinfostealer

behavioral2

redlinelyla10.11discoveryinfostealer

© 2018-2025

Terms | Privacy