redline | d4bae32272d4b78710e2546c787a5301135cdc3bbc89dde41fc32b5ff1b1374b | Triage

Submit
Reports

Overview

overview

Static

static

3

RogueV6.3cracked.exe

windows7-x64

RogueV6.3cracked.exe

windows10-2004-x64

Sharing

General

Target

RogueV6.3cracked.exe
Size

13.6MB
Sample

241130-w3mlzavnbn
MD5

ed475b5614b57bb769d9475bab408bb2
SHA1

a4496180da8930ea4b50f6b7e08e48cf4d093a43
SHA256

d4bae32272d4b78710e2546c787a5301135cdc3bbc89dde41fc32b5ff1b1374b
SHA512

88842132f2a486a34b4766d4b0092856fc3313895612f8aa613914acb5d32114ee033744c473b9ab28ec5f9f3e6e31980c85139f9f7dafdc4614b67f496403ce
SSDEEP

196608:/Qx1aFKgrjL4HwYJTPV+abRdGHMICWi0fNkn6zTetKvIy5nQmy:/Y1EDjL4QYJTQabRdGHvCWi0l6O+Kw

Score

10^/10

redline nou defense_evasion discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RogueV6.3cracked.exe

Resource

win7-20240729-en

redline nou defense_evasion discovery infostealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

RogueV6.3cracked.exe

Resource

win10v2004-20241007-en

redline nou defense_evasion discovery infostealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

NOu

C2

135.236.153.9:1912

Targets

- Target
  
  RogueV6.3cracked.exe
- Size
  
  13.6MB
- MD5
  
  ed475b5614b57bb769d9475bab408bb2
- SHA1
  
  a4496180da8930ea4b50f6b7e08e48cf4d093a43
- SHA256
  
  d4bae32272d4b78710e2546c787a5301135cdc3bbc89dde41fc32b5ff1b1374b
- SHA512
  
  88842132f2a486a34b4766d4b0092856fc3313895612f8aa613914acb5d32114ee033744c473b9ab28ec5f9f3e6e31980c85139f9f7dafdc4614b67f496403ce
- SSDEEP
  
  196608:/Qx1aFKgrjL4HwYJTPV+abRdGHMICWi0fNkn6zTetKvIy5nQmy:/Y1EDjL4QYJTQabRdGHvCWi0l6O+Kw
Score

10^/10

redline nou defense_evasion discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenoudefense_evasiondiscoveryinfostealer

behavioral2

redlinenoudefense_evasiondiscoveryinfostealer

© 2018-2025

Terms | Privacy