redline | a9c0d0616ae668762302b32276535eb92f09efb470ddfd7f6edbd2ac085bdd23

General

Target

SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
Size

592KB
MD5

ab3b477988b6df60f7d42202f6b0c2c1
SHA1

45eaca4973528c65b27a96f5078c56694f4543de
SHA256

a9c0d0616ae668762302b32276535eb92f09efb470ddfd7f6edbd2ac085bdd23
SHA512

77c5577d3db53b3a6758a2fe2aef42814467a30aeb51d35b30fd148c80bb425dce13b8a52d4bf077561396d0d1d752736b95113082c52c33f96ec6772c2c8fd8

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2896-12-0x0000000000400000-0x0000000000426000-memory.dmp	family_redline
behavioral2/memory/2896-13-0x000000000041E1AA-mapping.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

Processes:

SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

description	pid	process	target process
PID 636 set thread context of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

description pid process

Token: SeDebugPrivilege 2896 SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

description	pid	process
Token: SeDebugPrivilege	2896	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

description	pid	process	target process
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
PID 636 wrote to memory of 2896	636	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe	SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:636

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe
"{path}"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.InjectNET.14.6656.5495.exe.log
MD5
0c2899d7c6746f42d5bbe088c777f94c

SHA1
622f66c5f7a3c91b28a9f43ce7c6cabadbf514f1

SHA256
5b0b99740cadaeff7b9891136644b396941547e20cc7eea646560d0dad5a5458

SHA512
ab7a3409ed4b6ca00358330a3aa4ef6de7d81eb21a5e24bb629ef6a7c7c4e2a70ca3accfbc989ed6e495fdb8eb6203a26d6f2a37b2a5809af4276af375b49078

Download Submit
memory/636-2-0x0000000073F80000-0x000000007466E000-memory.dmp

Filesize
6.9MB

Download
memory/636-3-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/636-5-0x0000000005800000-0x0000000005801000-memory.dmp

Filesize
4KB

Download
memory/636-6-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/636-7-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/636-8-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/636-9-0x00000000088C0000-0x00000000088C1000-memory.dmp

Filesize
4KB

Download
memory/636-10-0x00000000057A0000-0x00000000057AB000-memory.dmp

Filesize
44KB

Download
memory/636-11-0x0000000008AA0000-0x0000000008AE6000-memory.dmp

Filesize
280KB

Download
memory/2896-13-0x000000000041E1AA-mapping.dmp

Download
memory/2896-12-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2896-15-0x0000000073F80000-0x000000007466E000-memory.dmp

Filesize
6.9MB

Download
memory/2896-18-0x0000000005760000-0x0000000005761000-memory.dmp

Filesize
4KB

Download
memory/2896-19-0x0000000005740000-0x0000000005741000-memory.dmp

Filesize
4KB

Download
memory/2896-20-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2896-21-0x00000000064C0000-0x00000000064C1000-memory.dmp

Filesize
4KB

Download
memory/2896-22-0x0000000005F60000-0x0000000005F61000-memory.dmp

Filesize
4KB

Download
memory/2896-23-0x0000000005FC0000-0x0000000005FC1000-memory.dmp

Filesize
4KB

Download
memory/2896-24-0x0000000006000000-0x0000000006001000-memory.dmp

Filesize
4KB

Download
memory/2896-25-0x0000000006260000-0x0000000006261000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads