redline | 3c913a1db7ff325a6670e0c7a43aef281ba91ce934b911af2858b3b40d266190

General

Target

SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
Size

922KB
MD5

e5d9d3e54ad6de4914eb6616193422c2
SHA1

eb9b0b4267ce8d5a42af6ddb7ae184b7f10cf414
SHA256

3c913a1db7ff325a6670e0c7a43aef281ba91ce934b911af2858b3b40d266190
SHA512

c1c4a506a0bff3f560093b02e898cba6f6faa311abdb91cf780a78c6cd6172cf31e6b99ff9f22677662a13b9857eb113f10518b5d7e62e82abd5a9280303bf1c

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1636-9-0x0000000000423FBA-mapping.dmp	family_redline
behavioral1/memory/1636-8-0x0000000000400000-0x000000000042C000-memory.dmp	family_redline
behavioral1/memory/1636-11-0x0000000000400000-0x000000000042C000-memory.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

Processes:

SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

description	pid	process	target process
PID 1084 set thread context of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

description pid process

Token: SeDebugPrivilege 1636 SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

description	pid	process
Token: SeDebugPrivilege	1636	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

description	pid	process	target process
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
PID 1084 wrote to memory of 1636	1084	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe	SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1084

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.540.1271.31865.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1084-2-0x0000000074CC0000-0x00000000753AE000-memory.dmp

Filesize
6.9MB

Download
memory/1084-3-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/1084-5-0x0000000004E20000-0x0000000004E21000-memory.dmp

Filesize
4KB

Download
memory/1084-6-0x0000000000480000-0x0000000000484000-memory.dmp

Filesize
16KB

Download
memory/1084-7-0x0000000004C60000-0x0000000004CB5000-memory.dmp

Filesize
340KB

Download
memory/1636-9-0x0000000000423FBA-mapping.dmp

Download
memory/1636-8-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1636-10-0x0000000074CC0000-0x00000000753AE000-memory.dmp

Filesize
6.9MB

Download
memory/1636-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1636-13-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads