File name:

Redline Stealer (Cracked).zip

Full analysis: https://app.any.run/tasks/84b357fb-e8e7-4626-b35a-412f471cefa3
Verdict: Malicious activity
Threats:

RedLine Stealer is a malicious program that collects users’ confidential data from browsers, systems, and installed software. It also infects operating systems with other malware.

Analysis date: May 31, 2024, 18:45:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
redline
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

45A6FE57C6337CC0610B2A8DC4F1528F

SHA1:

6856D0C9CBE9A4EE0E249F4B020B8D280F5DCAAB

SHA256:

0A8AA823B88D22FFDCDBC8F5F1B3C4A97B030885ED5AA2CFD8E46B89806AF7D9

SSDEEP:

98304:WJx39hUrFqNL9Ckdm4IIxYFdrkonHjgDJvLyX5FKCFBN42wjFCC44IgZI6GrKZQX:0el6JC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3972)
    • REDLINE has been detected (YARA)

      • RedLine.MainPanel-cracked.exe (PID: 752)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • RedLine.MainPanel-cracked.exe (PID: 752)
    • Reads the Internet Settings

      • RedLine.MainPanel-cracked.exe (PID: 752)
  • INFO

    • Checks supported languages

      • RedLine.MainPanel-cracked.exe (PID: 752)
      • builder.exe (PID: 728)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3972)
    • Reads the computer name

      • RedLine.MainPanel-cracked.exe (PID: 752)
      • builder.exe (PID: 728)
    • Manual execution by a user

      • RedLine.MainPanel-cracked.exe (PID: 752)
    • Reads Environment values

      • RedLine.MainPanel-cracked.exe (PID: 752)
    • Reads the machine GUID from the registry

      • RedLine.MainPanel-cracked.exe (PID: 752)
      • builder.exe (PID: 728)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: None
ZipModifyDate: 2021:12:29 09:04:16
ZipCRC: 0x3b3d61c6
ZipCompressedSize: 446
ZipUncompressedSize: 446
ZipFileName: Redline Stealer/README.md
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe (start node), redline.mainpanel-cracked.exe (tagged #REDLINE, no specs), builder.exe (no specs)

Process information

PID: 728
CMD: "C:\Users\admin\Desktop\Redline Stealer\Libraries\builder.exe"
Path: C:\Users\admin\Desktop\Redline Stealer\Libraries\builder.exe
Parent process: RedLine.MainPanel-cracked.exe
User: admin
Integrity Level: MEDIUM
Description: builder
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\redline stealer\libraries\builder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 752
CMD: "C:\Users\admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe"
Path: C:\Users\admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: RedLinePanel
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\redline stealer\redline.mainpanel-cracked.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 3972
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Redline Stealer (Cracked).zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 4 925
Read events: 4 906
Write events: 19
Delete events: 0

Modification events

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

Process: WinRAR.exe (PID 3972)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\Redline Stealer (Cracked).zip

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: WinRAR.exe (PID 3972)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 15
Suspicious files: 6
Text files: 7
Unknown types: 1

Dropped files

PID | Process | Filename | Type
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\README.md | text
MD5:E2DB1441B03414CCD5627075A7F567CF
SHA256:41DED26595B824BD680E0B2E895A6B1CA3AE6D0D2260653175DCA35A6A56B54A
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\LICENSE | text
MD5:624DABF940FEB6357C70AFB0E1769DD9
SHA256:F70F862F10B5E832A87D98B159294B68CCF58D4188D7EFB323C053EECED58D82
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\RedLine.MainPanel.idb | binary
MD5:3DA6C975E08BF1A134B25EE33D0288B1
SHA256:16FEEF35E1C0B52A51E898A04D98034ABBC413E483DEB9C410469427035778C8
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\Libraries\Mono.Cecil.Mdb.pdb | binary
MD5:0BA762B6B5FBDA000E51D66722A3BB2C
SHA256:D18EB89421D50F079291B78783408CEE4BAB6810E4C5A4B191849265BDD5BA7C
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\RedLine.MainPanel.exe.config | xml
MD5:6EBC9B76090C8C4BF6B65C02503C6CD6
SHA256:EF9352989527D16CF5BE708B0D8E6D384618746A3999230F477CF50F34FF67C9
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\OpenPort.bat | text
MD5:CF1CC90281E28CEE22DCE7ED013C2678
SHA256:84399F8BCCEFA404E156A5351B1DE75A2D5290B4FDDD1754EFB16401ED7218EF
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\Libraries\Mono.Cecil.pdb | binary
MD5:C0A69F1B0C50D4F133CD0B278AC2A531
SHA256:A4F79C99D8923BD6C30EFAFA39363C18BABE95F6609BBAD242BCA44342CCC7BB
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\Libraries\stub.exe | executable
MD5:9C44CE0CC507F539A3B6AA9C3671F092
SHA256:7B6C6588D3BDDB06A0EFBBF237CF501C027DAC8BD2B82C6835E0A2C8BDFAE842
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\Libraries\Newtonsoft.Json.dll | executable
MD5:6815034209687816D8CF401877EC8133
SHA256:7F912B28A07C226E0BE3ACFB2F57F050538ABA0100FA1F0BF2C39F1A1F1DA814
3972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.44627\Redline Stealer\Libraries\Mono.Cecil.Rocks.pdb | binary
MD5:17E3CCB3A96BE6D93CA3C286CA3B93DC
SHA256:CA54D2395697EFC3163016BBC2BB1E91B13D454B9A5A3EE9A4304012F012E5EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation (the Domain, ASN and CN columns are empty for every row)
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
(not listed) | (not listed) | 224.0.0.252:5355 | unknown
1088 | svchost.exe | 224.0.0.252:5355 | unknown

DNS requests

No data

Threats

No threats detected
No debug info