redline | d946346ab664704d592158a3ad2de706d92b9301ac95982f224f2069f39f1c2c

Analysis

Target

d0cf776ea71c1d2c10b0fe9e6da3dd3a.exe
Size

364KB
MD5

d0cf776ea71c1d2c10b0fe9e6da3dd3a
SHA1

483623f7a2e9f4073c25e45d72647728fe5e2cd4
SHA256

d946346ab664704d592158a3ad2de706d92b9301ac95982f224f2069f39f1c2c
SHA512

629e7d096a17f20ac657bd862b427ef0c9c1dd228d7e90be4b855ca561104f722bfd58e9c7a7344b5feb9e0e4f3fa3ba07bc1ee6b7c0030ad8fb26d1917307de

Score

10^/10

Family

redline

Botnet

paladin

188.68.201.6:10085

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3724-118-0x0000000004F10000-0x0000000004F3F000-memory.dmp	family_redline
behavioral2/memory/3724-120-0x0000000005170000-0x000000000519E000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\d0cf776ea71c1d2c10b0fe9e6da3dd3a.exe
"C:\Users\Admin\AppData\Local\Temp\d0cf776ea71c1d2c10b0fe9e6da3dd3a.exe"
1⤵
PID:3724

memory/3724-116-0x0000000002F30000-0x0000000002FDE000-memory.dmp

Filesize
696KB

Download
memory/3724-117-0x0000000002FF0000-0x000000000313A000-memory.dmp

Filesize
1.3MB

Download
memory/3724-118-0x0000000004F10000-0x0000000004F3F000-memory.dmp

Filesize
188KB

Download
memory/3724-119-0x0000000007630000-0x0000000007631000-memory.dmp

Filesize
4KB

Download
memory/3724-120-0x0000000005170000-0x000000000519E000-memory.dmp

Filesize
184KB

Download
memory/3724-121-0x0000000007B70000-0x0000000007B71000-memory.dmp

Filesize
4KB

Download
memory/3724-122-0x00000000081D0000-0x00000000081D1000-memory.dmp

Filesize
4KB

Download
memory/3724-123-0x0000000008200000-0x0000000008201000-memory.dmp

Filesize
4KB

Download
memory/3724-124-0x0000000000400000-0x0000000002F21000-memory.dmp

Filesize
43.1MB

Download
memory/3724-125-0x0000000007620000-0x0000000007621000-memory.dmp

Filesize
4KB

Download
memory/3724-127-0x0000000007623000-0x0000000007624000-memory.dmp

Filesize
4KB

Download
memory/3724-126-0x0000000007622000-0x0000000007623000-memory.dmp

Filesize
4KB

Download
memory/3724-128-0x0000000007624000-0x0000000007626000-memory.dmp

Filesize
8KB

Download
memory/3724-129-0x0000000008310000-0x0000000008311000-memory.dmp

Filesize
4KB

Download
memory/3724-130-0x0000000008390000-0x0000000008391000-memory.dmp

Filesize
4KB

Download