redline | 2664569625cb454d1af101bf92dc5d0c826f554020f44f099a4ceaa60f9bce43 | Triage

Submit
Reports

Overview

overview

Static

static

3

c5fcaef53b...7N.exe

windows7-x64

c5fcaef53b...7N.exe

windows10-2004-x64

Sharing

General

Target

c5fcaef53b3525048bba7a641ebf39b32f26509aa4ea0e71f083314e56f56247N.exe
Size

588KB
Sample

241111-azmxnsxqfx
MD5

bad6611a9f3db50a67e2c26f373895bc
SHA1

d1e7bb3f6e25736cf700cdec93dc47235231c9f3
SHA256

2664569625cb454d1af101bf92dc5d0c826f554020f44f099a4ceaa60f9bce43
SHA512

bb8388b40471c6e1332af56d57ea00001bda480c7b802a2aee0fdccef846f1bfc209391532c39094e810fe2a077c2cd816ee85e1babd768d1f78d3b7424592c7
SSDEEP

12288:gtaGBKWoKAN/+v9PfUnv+ckUyjVm8ytFVTk8CCVHj:g0GkKApMhfUvDaVm8ytb+CVD

Score

10^/10

redline lada discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c5fcaef53b3525048bba7a641ebf39b32f26509aa4ea0e71f083314e56f56247N.exe

Resource

win7-20240903-en

redline lada discovery infostealer

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

c5fcaef53b3525048bba7a641ebf39b32f26509aa4ea0e71f083314e56f56247N.exe

Resource

win10v2004-20241007-en

redline lada discovery infostealer

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes

auth_value
0b3678897547fedafe314eda5a2015ba

Targets

- Target
  
  c5fcaef53b3525048bba7a641ebf39b32f26509aa4ea0e71f083314e56f56247N.exe
- Size
  
  588KB
- MD5
  
  bad6611a9f3db50a67e2c26f373895bc
- SHA1
  
  d1e7bb3f6e25736cf700cdec93dc47235231c9f3
- SHA256
  
  2664569625cb454d1af101bf92dc5d0c826f554020f44f099a4ceaa60f9bce43
- SHA512
  
  bb8388b40471c6e1332af56d57ea00001bda480c7b802a2aee0fdccef846f1bfc209391532c39094e810fe2a077c2cd816ee85e1babd768d1f78d3b7424592c7
- SSDEEP
  
  12288:gtaGBKWoKAN/+v9PfUnv+ckUyjVm8ytFVTk8CCVHj:g0GkKApMhfUvDaVm8ytb+CVD
Score

10^/10

redline lada discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineladadiscoveryinfostealer

behavioral2

redlineladadiscoveryinfostealer

© 2018-2025

Terms | Privacy