redline | 7eefafe85ed6277d9c6abd81fa1ef7969c2ce6767c609baafc79206f78d13685

Analysis

Target

0adaabe4a156ee49011937d128b7bfec.exe
Size

286KB
MD5

0adaabe4a156ee49011937d128b7bfec
SHA1

bb2bbf24fd2cdbe86f16c1bf08563886b73170bb
SHA256

7eefafe85ed6277d9c6abd81fa1ef7969c2ce6767c609baafc79206f78d13685
SHA512

eb5d1a6f2cfbf4d3b6d1a2b3aaf80ecb020b8acd3175a9bdea61b23e9d11555466133e4bd685a8c566c3e3576e0b28536636c3f848cf1dd0987ccd700b3140d7

Score

10^/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0adaabe4a156ee49011937d128b7bfec.exe

description pid process

Token: SeDebugPrivilege 1872 0adaabe4a156ee49011937d128b7bfec.exe

description	pid	process
Token: SeDebugPrivilege	1872	0adaabe4a156ee49011937d128b7bfec.exe

C:\Users\Admin\AppData\Local\Temp\0adaabe4a156ee49011937d128b7bfec.exe
"C:\Users\Admin\AppData\Local\Temp\0adaabe4a156ee49011937d128b7bfec.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1872

memory/1872-2-0x0000000002120000-0x0000000002131000-memory.dmp

Filesize
68KB

Download
memory/1872-3-0x0000000002330000-0x0000000002341000-memory.dmp

Filesize
68KB

Download
memory/1872-4-0x0000000074350000-0x0000000074A3E000-memory.dmp

Filesize
6.9MB

Download
memory/1872-5-0x00000000021F0000-0x0000000002218000-memory.dmp

Filesize
160KB

Download
memory/1872-6-0x0000000000300000-0x0000000000335000-memory.dmp

Filesize
212KB

Download
memory/1872-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/1872-8-0x0000000004E61000-0x0000000004E62000-memory.dmp

Filesize
4KB

Download
memory/1872-9-0x0000000004E62000-0x0000000004E63000-memory.dmp

Filesize
4KB

Download
memory/1872-10-0x0000000002430000-0x0000000002457000-memory.dmp

Filesize
156KB

Download
memory/1872-11-0x0000000004E63000-0x0000000004E64000-memory.dmp

Filesize
4KB

Download
memory/1872-12-0x0000000004E64000-0x0000000004E66000-memory.dmp

Filesize
8KB

Download