redline | 7f59d4ff8e2b29d3724ad3b63e4b78325aa561bdf97e976cc22be5a6560b0fcb

Analysis

Target

7f59d4ff8e2b29d3724ad3b63e4b78325aa561bdf97e976cc22be5a6560b0fcb.exe
Size

405KB
MD5

7ab06523c723b404d665c5127a8ce92e
SHA1

89dcf4664f1dca36f146815e98b19e434b09acc5
SHA256

7f59d4ff8e2b29d3724ad3b63e4b78325aa561bdf97e976cc22be5a6560b0fcb
SHA512

0891fc640d0038788a2d396eaef8aa42365c85c2c10384ec28917da2af40c8df66aad4ad7f2dac6cbc9d9a315898b75cf26692a82a7f8a3bdcd116ce2bf786ee

Score

10^/10

Family

redline

Botnet

UDP

45.9.20.182:52236

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1832-119-0x0000000004E50000-0x0000000004E6F000-memory.dmp	family_redline
behavioral1/memory/1832-121-0x0000000004FE0000-0x0000000004FFD000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\7f59d4ff8e2b29d3724ad3b63e4b78325aa561bdf97e976cc22be5a6560b0fcb.exe
"C:\Users\Admin\AppData\Local\Temp\7f59d4ff8e2b29d3724ad3b63e4b78325aa561bdf97e976cc22be5a6560b0fcb.exe"
1⤵
PID:1832

memory/1832-115-0x00000000030B1000-0x00000000030D4000-memory.dmp

Filesize
140KB

Download
memory/1832-116-0x0000000002DC0000-0x0000000002F0A000-memory.dmp

Filesize
1.3MB

Download
memory/1832-117-0x0000000000400000-0x0000000002DBC000-memory.dmp

Filesize
41.7MB

Download
memory/1832-118-0x00000000075E0000-0x00000000075E1000-memory.dmp

Filesize
4KB

Download
memory/1832-119-0x0000000004E50000-0x0000000004E6F000-memory.dmp

Filesize
124KB

Download
memory/1832-120-0x00000000075F0000-0x00000000075F1000-memory.dmp

Filesize
4KB

Download
memory/1832-121-0x0000000004FE0000-0x0000000004FFD000-memory.dmp

Filesize
116KB

Download
memory/1832-122-0x0000000007AF0000-0x0000000007AF1000-memory.dmp

Filesize
4KB

Download
memory/1832-123-0x00000000075E2000-0x00000000075E3000-memory.dmp

Filesize
4KB

Download
memory/1832-124-0x00000000075E3000-0x00000000075E4000-memory.dmp

Filesize
4KB

Download
memory/1832-125-0x00000000074F0000-0x00000000074F1000-memory.dmp

Filesize
4KB

Download
memory/1832-126-0x0000000008100000-0x0000000008101000-memory.dmp

Filesize
4KB

Download
memory/1832-127-0x0000000007510000-0x0000000007511000-memory.dmp

Filesize
4KB

Download
memory/1832-128-0x00000000075E4000-0x00000000075E6000-memory.dmp

Filesize
8KB

Download
memory/1832-129-0x0000000007580000-0x0000000007581000-memory.dmp

Filesize
4KB

Download