redline | f75d6ee676e63208489f05cd8c82d44fdda74b5752963e3967071f2d2d080113

Analysis

Target

udptest.exe
Size

240KB
MD5

265717bdcb626127fdb7e62b018e963c
SHA1

d9d70e33380e33caa8c48b6a4ba7a4fe08ecafe5
SHA256

e102abb40eb0795f838749e262c4e94af6df4213832b1d055b727cbc50f3a8ee
SHA512

f9c3656bb1e9848620990ca2ee8c163f32c2259774cf21ff78979ba1318daabb672ba1a67924b90d55cce8b579830bf31db32e2da83a09b51916c60ca157f362

Score

10^/10

Family

redline

Botnet

test

193.56.146.78:51487

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 2 IoCs

Processes:

resource	yara_rule
behavioral31/memory/564-62-0x00000000039B0000-0x00000000039CD000-memory.dmp	family_redline
behavioral31/memory/564-66-0x00000000039D0000-0x00000000039EC000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\udptest.exe
"C:\Users\Admin\AppData\Local\Temp\udptest.exe"
1⤵
PID:564

memory/564-60-0x00000000002B0000-0x00000000002E0000-memory.dmp

Filesize
192KB

Download
memory/564-61-0x0000000000400000-0x0000000001D88000-memory.dmp

Filesize
25.5MB

Download
memory/564-62-0x00000000039B0000-0x00000000039CD000-memory.dmp

Filesize
116KB

Download
memory/564-63-0x0000000003B11000-0x0000000003B12000-memory.dmp

Filesize
4KB

Download
memory/564-65-0x0000000003B13000-0x0000000003B14000-memory.dmp

Filesize
4KB

Download
memory/564-64-0x0000000003B12000-0x0000000003B13000-memory.dmp

Filesize
4KB

Download
memory/564-66-0x00000000039D0000-0x00000000039EC000-memory.dmp

Filesize
112KB

Download
memory/564-67-0x0000000003B14000-0x0000000003B16000-memory.dmp

Filesize
8KB

Download