redline | 07616318522b32ab6bad427deda6d198f2630b56a54b50c3871470a3d08362a1 | Triage

Submit
Reports

Overview

overview

Static

static

RedLine_30...ol.zip

windows11-21h2-x64

Resubmissions

05-02-2025 20:02

250205-yr68casmgj 10

27-10-2024 09:19

241027-k95wcaxbrk 10

Sharing

General

Target

RedLine_30.2-Tutorial-Tool.zip
Size

192.4MB
Sample

250205-yr68casmgj
MD5

7ff7a7cf8b089df262b9a3a9f0677bcd
SHA1

18223cd998fe003ccb2db5fa524d5e0560a9111e
SHA256

07616318522b32ab6bad427deda6d198f2630b56a54b50c3871470a3d08362a1
SHA512

a1326f2647bfdded4df072f44ff63d9ba765169fd0d9be596d04da27935eeb0d467edb4e539017a448cc3b7a6b5c41a0d719532edfbe1be453d3f6a97d9b8175
SSDEEP

6291456:k68bI4da1Y7Skq+tomtyKjHxhUR8KbuykO3F:ZwRda1Y7ZamtLvQ

Score

10^/10

redline jk discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

RedLine_30.2-Tutorial-Tool.zip

Resource

win11-20241023-en

redline jk discovery infostealer spyware stealer

windows11-21h2-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

jk

C2

127.0.0.1:1912

Targets

- Target
  
  RedLine_30.2-Tutorial-Tool.zip
- Size
  
  192.4MB
- MD5
  
  7ff7a7cf8b089df262b9a3a9f0677bcd
- SHA1
  
  18223cd998fe003ccb2db5fa524d5e0560a9111e
- SHA256
  
  07616318522b32ab6bad427deda6d198f2630b56a54b50c3871470a3d08362a1
- SHA512
  
  a1326f2647bfdded4df072f44ff63d9ba765169fd0d9be596d04da27935eeb0d467edb4e539017a448cc3b7a6b5c41a0d719532edfbe1be453d3f6a97d9b8175
- SSDEEP
  
  6291456:k68bI4da1Y7Skq+tomtyKjHxhUR8KbuykO3F:ZwRda1Y7ZamtLvQ
Score

10^/10

redline jk discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinejkdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy