analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Redline Stealer Cracked.rar

Full analysis: https://app.any.run/tasks/f8814582-0a37-42ce-b575-03353ac260b2
Verdict: Malicious activity
Threats:

RedLine Stealer is a malicious program that collects users’ confidential data from browsers, systems, and installed software. It also infects operating systems with other malware.

Malware Trends Tracker     >>>
Analysis date: October 05, 2022, 03:44:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
redline
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

8192C4EFE5DB5C5706FF46D0C2BA05FC

SHA1:

C411591D171FAB492C917AB85C12E5FDC16F61F1

SHA256:

62A68ABBA2B9283DB4EC701092D1BD8656633FB331D4F0EFCBF499538D60E0C2

SSDEEP:

49152:Ih3MH4v/kFGmEr6Mv/onqQkF7m5SA8qfehyl3tRw:IhMo/2GTr6a/oq77ASuj3tW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3120)
      • REDLINE.MAINPANEL-CRACKED.EXE (PID: 2708)

    • Application was dropped or rewritten from another process

      • RedLine.MainPanel-cracked.exe (PID: 1848)
      • REDLINE.MAINPANEL-CRACKED.EXE (PID: 2708)
      • REDLINE CRACK LOADER.EXE (PID: 2280)

    • Writes to a start menu file

      • REDLINE CRACK LOADER.EXE (PID: 2280)

    • REDLINE detected by memory dumps

      • REDLINE.MAINPANEL-CRACKED.EXE (PID: 2708)

  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 1152)
      • RedLine.MainPanel-cracked.exe (PID: 1848)
      • REDLINE.MAINPANEL-CRACKED.EXE (PID: 2708)
      • REDLINE CRACK LOADER.EXE (PID: 2280)

    • Reads the computer name

      • WinRAR.exe (PID: 1152)
      • RedLine.MainPanel-cracked.exe (PID: 1848)
      • REDLINE CRACK LOADER.EXE (PID: 2280)
      • REDLINE.MAINPANEL-CRACKED.EXE (PID: 2708)

    • Creates files in the user directory

      • REDLINE CRACK LOADER.EXE (PID: 2280)

    • Reads Environment values

      • REDLINE.MAINPANEL-CRACKED.EXE (PID: 2708)

  • INFO

    • Checks supported languages

      • rundll32.exe (PID: 2440)
      • taskmgr.exe (PID: 3448)

    • Manual execution by user

      • rundll32.exe (PID: 2440)
      • RedLine.MainPanel-cracked.exe (PID: 1848)
      • taskmgr.exe (PID: 3448)

    • Reads the computer name

      • taskmgr.exe (PID: 3448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
7
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start drop and start drop and start winrar.exe no specs searchprotocolhost.exe no specs rundll32.exe no specs redline.mainpanel-cracked.exe redline crack loader.exe #REDLINE redline.mainpanel-cracked.exe no specs taskmgr.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1152"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Redline Stealer Cracked.rar"C:\Program Files\WinRAR\WinRAR.exeExplorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
3120"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\system32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
2440"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\Redline Stealer Cracked\RedLine.MainPanel1.exe.configC:\Windows\system32\rundll32.exeExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
1848"C:\Users\admin\Desktop\Redline Stealer Cracked\RedLine.MainPanel-cracked.exe" C:\Users\admin\Desktop\Redline Stealer Cracked\RedLine.MainPanel-cracked.exe
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
2280"C:\Users\admin\AppData\Local\Temp\REDLINE CRACK LOADER.EXE" C:\Users\admin\AppData\Local\Temp\REDLINE CRACK LOADER.EXE
RedLine.MainPanel-cracked.exe
User:
admin
Integrity Level:
MEDIUM
2708"C:\Users\admin\AppData\Local\Temp\REDLINE.MAINPANEL-CRACKED.EXE" C:\Users\admin\AppData\Local\Temp\REDLINE.MAINPANEL-CRACKED.EXE
RedLine.MainPanel-cracked.exe
User:
admin
Integrity Level:
MEDIUM
Description:
RedLinePanel
Exit code:
0
Version:
1.0.0.0
3448"C:\Windows\system32\taskmgr.exe" /4C:\Windows\system32\taskmgr.exeExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Task Manager
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
4 294
Read events
4 254
Write events
40
Delete events
0

Modification events

(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(1152) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Redline Stealer Cracked.rar
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(1152) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
Executable files
18
Suspicious files
5
Text files
9
Unknown types
2

Dropped files

PID
Process
Filename
Type
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\Mono.Cecil.Mdb.dllexecutable
MD5:DC80F588F513D998A5DF1CA415EDB700
SHA256:90CFC73BEFD43FC3FD876E23DCC3F5CE6E9D21D396BBB346513302E2215DB8C9
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\Mono.Cecil.dllexecutable
MD5:7546ACEBC5A5213DEE2A5ED18D7EBC6C
SHA256:7744C9C84C28033BC3606F4DFCE2ADCD6F632E2BE7827893C3E2257100F1CF9E
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\Mono.Cecil.Rocks.dllexecutable
MD5:C8F36848CE8F13084B355C934FC91746
SHA256:A08C040912DF2A3C823ADE85D62239D56ABAA8F788A2684FB9D33961922687C7
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\Build.exeexecutable
MD5:A6D61364CBD2BB44F847FD4600305E22
SHA256:17E503B29AC6DFE2B3C7C2462448AD16C61B0585B989FB5BE2EDD81F1CA55A8C
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\Mono.Cecil.Pdb.dllexecutable
MD5:6CD3ED3DB95D4671B866411DB4950853
SHA256:D67EBD49241041E6B6191703A90D89E68D4465ADCE02C595218B867DF34581A3
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\MetroSet UI.dllodttf
MD5:F13DC3CFFEF729D26C4DA102674561CF
SHA256:D490C04E6E89462FD46099D3454985F319F57032176C67403B3B92C86CA58BCB
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\Mono.Cecil.Mdb.pdbbinary
MD5:0BA762B6B5FBDA000E51D66722A3BB2C
SHA256:D18EB89421D50F079291B78783408CEE4BAB6810E4C5A4B191849265BDD5BA7C
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\GuiLib.dllexecutable
MD5:EAF9C55793CD26F133708714ED3A5397
SHA256:87CFC70BEC2D2A37BCD5D46F9E6F0051F82E015FF96E8F2BC2D81B85F2632F15
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\protobuf-net.dllexecutable
MD5:D16FFFEB71891071C1C5D9096BA03971
SHA256:141B235AF8EBF25D5841EDEE29E2DCF6297B8292A869B3966C282DA960CBD14D
1152WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1152.14488\Redline Stealer Cracked\Libraries\RedLine.SharedModels.dllexecutable
MD5:BEE2969583715BFA584D073AC8D98C42
SHA256:5F92DB78E43986F063632FB2CFAFDCE73E5E7E64979900783CA9A00016933375
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
RedLine.MainPanel-cracked.exe
C:\Users\admin\AppData\Local\Temp\REDLINE CRACK LOADER.EXE
RedLine.MainPanel-cracked.exe
C:\Users\admin\AppData\Local\Temp\REDLINE.MAINPANEL-CRACKED.EXE
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Redline Stealer Cracked.rar