redline | 0e486871aeddade1498c575341b53401d74af20bf4cf9103b8d1f9596d852673 | Triage

Submit
Reports

Overview

overview

Static

static

Redlineste...in.zip

windows7-x64

1

Redlineste...in.zip

windows10-2004-x64

Sharing

General

Target

Redlinestealer2020-main.zip
Size

2.5MB
Sample

241126-xdcwxatnft
MD5

291c143340623d5ddd9895e3173970cf
SHA1

64603a6f1fa74412e91fa20688f213d13b1dff40
SHA256

0e486871aeddade1498c575341b53401d74af20bf4cf9103b8d1f9596d852673
SHA512

4a226b9ca9c86cedcb677830551207fb5e4fe54f1e0959e4dc97581c1375416934d9a61570ddc6a7fab7acce0ef8d9cb4251de69b70d8780891f4b8f109eb6c7
SSDEEP

49152:BZiaJLFXJVKGIub4kSAQOXJ6kVViwBE2x6eni8mZw7/8Z:BZiaJtJVKGckSUdhBE/eiXOU

Score

10^/10

redline discovery evasion infostealer persistence privilege_escalation

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Redlinestealer2020-main.zip

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Redlinestealer2020-main.zip

Resource

win10v2004-20241007-en

redline discovery evasion infostealer persistence privilege_escalation

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Redlinestealer2020-main.zip
- Size
  
  2.5MB
- MD5
  
  291c143340623d5ddd9895e3173970cf
- SHA1
  
  64603a6f1fa74412e91fa20688f213d13b1dff40
- SHA256
  
  0e486871aeddade1498c575341b53401d74af20bf4cf9103b8d1f9596d852673
- SHA512
  
  4a226b9ca9c86cedcb677830551207fb5e4fe54f1e0959e4dc97581c1375416934d9a61570ddc6a7fab7acce0ef8d9cb4251de69b70d8780891f4b8f109eb6c7
- SSDEEP
  
  49152:BZiaJLFXJVKGIub4kSAQOXJ6kVViwBE2x6eni8mZw7/8Z:BZiaJtJVKGckSUdhBE/eiXOU
Score

10^/10

redline discovery evasion infostealer persistence privilege_escalation
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinediscoveryevasioninfostealerpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy