redline | 78a6286951ae1ea0425e2726eb61c6fdaff91731a25c826cc5167f4b2f2eefa1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fcc616ecbe...c2.exe

windows7-x64

fcc616ecbe...c2.exe

windows10-2004-x64

Resubmissions

16/12/2024, 22:35 UTC

241216-2h314sskfx 10

13/12/2024, 01:39 UTC

241213-b252pswmen 10

Sharing

General

Target

f0aaf1b673a9316c4b899ccc4e12d33e.bin
Size

116KB
Sample

241213-b252pswmen
MD5

5d94283b7257081ee6bf187703d4c970
SHA1

4bf045392a4d9ea30efd89d90d415f1a2cbce698
SHA256

78a6286951ae1ea0425e2726eb61c6fdaff91731a25c826cc5167f4b2f2eefa1
SHA512

4f3853dff3d311b5361e17c8a95a9db3c6c14fae8b6344830e1111c9c6819739fa528878b87bf1cd4060ca898f637d9b8d7bd23840d5f28d587927438ede484c
SSDEEP

3072:2HV+nkF0cho46FZj28vPvHlLrNTRd4Lqt2f/el1CLs:GV+A0cp8wMvVXdtt2f/CwA

Score

10^/10

redline fvcxcx discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe

Resource

win7-20240903-en

redline fvcxcx discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe

Resource

win10v2004-20241007-en

redline fvcxcx discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

fvcxcx

C2

185.81.68.147:1912

Targets

- Target
  
  fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe
- Size
  
  300KB
- MD5
  
  f0aaf1b673a9316c4b899ccc4e12d33e
- SHA1
  
  294b9c038264d052b3c1c6c80e8f1b109590cf36
- SHA256
  
  fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2
- SHA512
  
  97d149658e9e7a576dfb095d5f6d8956cb185d35f07dd8e769b3b957f92260b5de727eb2685522923d15cd70c16c596aa6354452ac851b985ab44407734b6f21
- SSDEEP
  
  3072:GcZqf7D34kp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxzF3R4eqiOL2bBOA:GcZqf7DIcnGapB1fA0GTV8krYL
Score

10^/10

redline fvcxcx discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefvcxcxdiscoveryinfostealerspywarestealer

behavioral2

redlinefvcxcxdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.