redline | 7eefafe85ed6277d9c6abd81fa1ef7969c2ce6767c609baafc79206f78d13685

Analysis

max time kernel
76s
max time network
142s
platform
windows10_x64
resource
win10v20201028
submitted
19-03-2021 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0adaabe4a156ee49011937d128b7bfec.exe
Size

286KB
MD5

0adaabe4a156ee49011937d128b7bfec
SHA1

bb2bbf24fd2cdbe86f16c1bf08563886b73170bb
SHA256

7eefafe85ed6277d9c6abd81fa1ef7969c2ce6767c609baafc79206f78d13685
SHA512

eb5d1a6f2cfbf4d3b6d1a2b3aaf80ecb020b8acd3175a9bdea61b23e9d11555466133e4bd685a8c566c3e3576e0b28536636c3f848cf1dd0987ccd700b3140d7

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0adaabe4a156ee49011937d128b7bfec.exe

description pid process

Token: SeDebugPrivilege 4768 0adaabe4a156ee49011937d128b7bfec.exe

description	pid	process
Token: SeDebugPrivilege	4768	0adaabe4a156ee49011937d128b7bfec.exe

C:\Users\Admin\AppData\Local\Temp\0adaabe4a156ee49011937d128b7bfec.exe
"C:\Users\Admin\AppData\Local\Temp\0adaabe4a156ee49011937d128b7bfec.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4768-2-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/4768-3-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/4768-4-0x0000000073240000-0x000000007392E000-memory.dmp

Filesize
6.9MB

Download
memory/4768-5-0x0000000002630000-0x0000000002658000-memory.dmp

Filesize
160KB

Download
memory/4768-6-0x00000000009E0000-0x0000000000A15000-memory.dmp

Filesize
212KB

Download
memory/4768-8-0x0000000005022000-0x0000000005023000-memory.dmp

Filesize
4KB

Download
memory/4768-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4768-9-0x0000000005023000-0x0000000005024000-memory.dmp

Filesize
4KB

Download
memory/4768-11-0x0000000005020000-0x0000000005021000-memory.dmp

Filesize
4KB

Download
memory/4768-10-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/4768-12-0x0000000002820000-0x0000000002847000-memory.dmp

Filesize
156KB

Download
memory/4768-13-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/4768-14-0x0000000005024000-0x0000000005026000-memory.dmp

Filesize
8KB

Download
memory/4768-15-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/4768-16-0x0000000005AF0000-0x0000000005AF1000-memory.dmp

Filesize
4KB

Download
memory/4768-17-0x0000000006150000-0x0000000006151000-memory.dmp

Filesize
4KB

Download
memory/4768-18-0x0000000006170000-0x0000000006171000-memory.dmp

Filesize
4KB

Download
memory/4768-19-0x00000000062E0000-0x00000000062E1000-memory.dmp

Filesize
4KB

Download
memory/4768-20-0x0000000006460000-0x0000000006461000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads