redline | c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1 | Triage

Submit
Reports

Overview

overview

Static

static

1

c99dc47645...1N.exe

windows7-x64

c99dc47645...1N.exe

windows10-2004-x64

Sharing

General

Target

c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1N.exe
Size

365KB
Sample

250208-h9vz2asnfy
MD5

664d5850a987edef967f795815f404c0
SHA1

10e2d44e0d4044fc6f6edf7851f4730b0fd0e2dd
SHA256

c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1
SHA512

d812f07aea39be1a45380422cb72ecaf8823c54303d7f5f3f74c861c623de20a060590702c6dd8468e2f7db43d29e1fe4949e5f772749fdbc6cb2fc427582281
SSDEEP

3072:gokN1jz7yTZjD7CaVT7yFrvSwAlvwz9xmBihXUH8RLrbsW0bCtjUuIYyGVKA6m2y:goA9yTZjD7VsDZxegXUH8Rpxn2m666I

Score

10^/10

redline @swagseasoon discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1N.exe

Resource

win7-20240903-en

redline @swagseasoon discovery infostealer

windows7-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1N.exe

Resource

win10v2004-20250207-en

redline @swagseasoon discovery infostealer

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

@swagseasoon

C2

37.220.87.8:42823

Attributes

auth_value
bfc2903da4ada2bec8e5446f6bfa75a6

Targets

- Target
  
  c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1N.exe
- Size
  
  365KB
- MD5
  
  664d5850a987edef967f795815f404c0
- SHA1
  
  10e2d44e0d4044fc6f6edf7851f4730b0fd0e2dd
- SHA256
  
  c99dc4764552b003e8dc38ebd1486ddee15af2ea71f165133a29e20d9fe11cd1
- SHA512
  
  d812f07aea39be1a45380422cb72ecaf8823c54303d7f5f3f74c861c623de20a060590702c6dd8468e2f7db43d29e1fe4949e5f772749fdbc6cb2fc427582281
- SSDEEP
  
  3072:gokN1jz7yTZjD7CaVT7yFrvSwAlvwz9xmBihXUH8RLrbsW0bCtjUuIYyGVKA6m2y:goA9yTZjD7VsDZxegXUH8Rpxn2m666I
Score

10^/10

redline @swagseasoon discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@swagseasoondiscoveryinfostealer

behavioral2

redline@swagseasoondiscoveryinfostealer

© 2018-2025

Terms | Privacy