File name: Redline stealer 2022 Crack.zip

Full analysis: https://app.any.run/tasks/bab428ab-9c27-4304-9c48-10006d9bdea6
Verdict: Malicious activity
Threats:

RedLine Stealer is a malicious program that collects users’ confidential data from browsers, systems, and installed software. It also infects operating systems with other malware.

Analysis date: November 23, 2023, 12:36:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: redline
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 9F2B4AFA22391D606B3577CB8DFAC6FE
SHA1: 51F3E0D2CF684B8246F500534929706D61B6B842
SHA256: 91FDDF7CDF9462984D929296EB1F0ADD771532117E921EF85272FC12BC796C9E
SSDEEP: 98304:w+T6a7NCbD+Zr3of0LNhXvJIXrAFqHnpsezuW33p4dfx+MkuVV84mzmP76Yf2nZz:QqHRRvkP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • REDLINE has been detected (YARA)

      • RedLine.MainPanel-cracked.exe (PID: 3468)
  • SUSPICIOUS

    • Reads the Internet Settings

      • RedLine.MainPanel-cracked.exe (PID: 3468)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3204)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3576)
    • Reads the computer name

      • RedLine.MainPanel-cracked.exe (PID: 3468)
      • wmpnscfg.exe (PID: 3576)
      • builder.exe (PID: 3660)
    • Checks supported languages

      • RedLine.MainPanel-cracked.exe (PID: 3468)
      • wmpnscfg.exe (PID: 3576)
      • builder.exe (PID: 3660)
    • Reads the machine GUID from the registry

      • RedLine.MainPanel-cracked.exe (PID: 3468)
      • wmpnscfg.exe (PID: 3576)
    • Reads Environment values

      • RedLine.MainPanel-cracked.exe (PID: 3468)
    • Checks proxy server information

      • RedLine.MainPanel-cracked.exe (PID: 3468)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2023:09:12 20:59:58
ZipCRC: 0x4e87ef64
ZipCompressedSize: 90
ZipUncompressedSize: 107
ZipFileName: Redline stealer 2022 Crack/gbpast - Login.url
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, redline.mainpanel-cracked.exe (#REDLINE), wmpnscfg.exe, builder.exe

Process information

PID: 3204
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Redline stealer 2022 Crack.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3468
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\RedLine.MainPanel-cracked.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\RedLine.MainPanel-cracked.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
RedLinePanel
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3204.47720\redline stealer 2022 crack\redline.mainpanel-cracked.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 3576
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 3660
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\builder.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\builder.exe
Parent process: RedLine.MainPanel-cracked.exe
User:
admin
Integrity Level:
MEDIUM
Description:
builder
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3204.47720\redline stealer 2022 crack\libraries\builder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 3 988
Read events: 3 928
Write events: 56
Delete events: 4

Modification events

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3204) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files: 16
Suspicious files: 11
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\GuiLib.dll | executable
MD5: EAF9C55793CD26F133708714ED3A5397
SHA256: 87CFC70BEC2D2A37BCD5D46F9E6F0051F82E015FF96E8F2BC2D81B85F2632F15

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\learn all kind of hacking.url | binary
MD5: 7ADE4A739CBD8F44D0EF52A2F1BC6E7B
SHA256: CC7649ED53C65E4851ACE414529564FE16801BB2BED4CB15588BFD6B4AC13616

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\builder.exe | executable
MD5: DE6F68CDF350FCE9BE13803D84BE98C4
SHA256: 51BBC69942823B84C2A1F0EFDB9D63FB04612B223E86AF8A83B4B307DD15CD24

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Loader.exe | executable
MD5: CFF63E16C0F61DA3CF1329EBCF462773
SHA256: E3BD0202BA4C688CA4C5917BC6892808089246968FACF6FF8AF52028FB0FFF6E

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Mono.Cecil.Pdb.dll | executable
MD5: 6CD3ED3DB95D4671B866411DB4950853
SHA256: D67EBD49241041E6B6191703A90D89E68D4465ADCE02C595218B867DF34581A3

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Mono.Cecil.Mdb.pdb | binary
MD5: 0BA762B6B5FBDA000E51D66722A3BB2C
SHA256: D18EB89421D50F079291B78783408CEE4BAB6810E4C5A4B191849265BDD5BA7C

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Mono.Cecil.Mdb.dll | executable
MD5: DC80F588F513D998A5DF1CA415EDB700
SHA256: 90CFC73BEFD43FC3FD876E23DCC3F5CE6E9D21D396BBB346513302E2215DB8C9

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Mono.Cecil.pdb | binary
MD5: C0A69F1B0C50D4F133CD0B278AC2A531
SHA256: A4F79C99D8923BD6C30EFAFA39363C18BABE95F6609BBAD242BCA44342CCC7BB

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Bunifu_UI_v1.52.dll | executable
MD5: 5ECA94D909F1BA4C5F3E35AC65A49076
SHA256: DE0E530D46C803D85B8AEB6D18816F1B09CB3DAFEFB5E19FDFA15C9F41E0F474

3204 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3204.47720\Redline stealer 2022 Crack\Libraries\Mono.Cecil.Rocks.dll | executable
MD5: C8F36848CE8F13084B355C934FC91746
SHA256: A08C040912DF2A3C823ADE85D62239D56ABAA8F788A2684FB9D33961922687C7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 8
DNS requests: 2
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
828 | svchost.exe | PROPFIND | 200 | 185.235.129.102:80 | http://blankhack.com/ | unknown | html | 35.5 Kb | unknown
828 | svchost.exe | PROPFIND | 200 | 185.235.129.102:80 | http://blankhack.com/ | unknown | html | 35.5 Kb | unknown
828 | svchost.exe | PROPFIND | 200 | 185.235.129.102:80 | http://blankhack.com/ | unknown | html | 35.5 Kb | unknown
828 | svchost.exe | OPTIONS | - | 185.235.129.102:80 | http://blankhack.com/ | unknown | - | - | unknown
828 | svchost.exe | PROPFIND | 200 | 185.235.129.102:80 | http://blankhack.com/ | unknown | html | 35.5 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
868 | svchost.exe | 95.101.148.135:80 | - | Akamai International B.V. | NL | unknown
868 | svchost.exe | 184.30.20.134:80 | armmf.adobe.com | AKAMAI-AS | DE | unknown
828 | svchost.exe | 185.235.129.102:80 | blankhack.com | Zomro B.V. | NL | unknown

DNS requests

Domain | IP | Reputation
armmf.adobe.com | 184.30.20.134 | whitelisted
blankhack.com | 185.235.129.102 | unknown

Threats

No threats detected
No debug info