redline | ef6d5d1d711ac0d8ca385cb4810e11ed343656ef06f9c36d5746c5dcecf3a356 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Download-R...er.zip

windows11-21h2-x64

Sharing

General

Target

Download-RedLine-Stealer-Latest-Cleaned-main.zip
Size

17.2MB
Sample

241204-yacx6ssrgq
MD5

7c82717c901169c4cd7158e19f49399f
SHA1

dc544707688123761b6864ac79f90ecd70185621
SHA256

ef6d5d1d711ac0d8ca385cb4810e11ed343656ef06f9c36d5746c5dcecf3a356
SHA512

2b4c6b2fdff27eb259c93bb8465d5810a90460e764c84c769215deace5c711dce3f4d7b076fd3d1e8392bcee9a068ec17a95fc9bd049b9144907f66245984717
SSDEEP

393216:N6AL1DWiFjy2F43KVjCybo8x8CLO0kjl2sDYSUs9Tv:N5L1rFjEKl1oNrJZYyr

Score

10^/10

redline xworm discovery infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Download-RedLine-Stealer-Latest-Cleaned-main/RedLine Stealer.zip

Resource

win11-20241007-en

redline xworm discovery infostealer rat trojan

windows11-21h2-x64

21 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

svchost.serveirc.com:1313

Mutex

MML7YiawHlQLefrX

Attributes

Install_directory
%AppData%
install_file
svchost.exe
telegram
https://api.telegram.org/bot7089308942:AAHsTcsMKoz1p6-9kX7OD8cZDlRLQM_DN-A/sendMessage?chat_id=5936200928

aes.plain

1
xF7B4ddJ8+X7RlVw0VlDbQ==

Targets

- Target
  
  Download-RedLine-Stealer-Latest-Cleaned-main/RedLine Stealer.zip
- Size
  
  17.2MB
- MD5
  
  d3d1d5504a838b38d27bfdc29a9bf0ea
- SHA1
  
  f6c351251c4b5fa64b852dc2ae6f85cf870a1508
- SHA256
  
  4f90b7c87ae9a261936b72f8062c7ffff38f5921dc58794a23084aa0ad95969d
- SHA512
  
  7f7dd2471f6aec68b1a2d59b1ccac1cef1142ee9fd734db6b320013dddac3c8e828ec0339765aa4df864e275415862df877971dbec803a3d6b350f034982c781
- SSDEEP
  
  393216:y6AL1DWiFjy2F43KVjCybo8x8CLO0kjl2sDYSUs9Tx:y5L1rFjEKl1oNrJZYyl
Score

10^/10

redline xworm discovery infostealer rat trojan
- Detect Xworm Payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinexwormdiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.