redline | 399cf5af7f474349a326acd048e86dab0eba9de5b3997bf89cd19070ddff27b7

Analysis

Target

malware.exe
Size

74KB
MD5

0b5852f4a8a2e6564d2ce5fcc2b1c1b6
SHA1

5816c57939a76f68b215d6cb1ff3b767e946e206
SHA256

399cf5af7f474349a326acd048e86dab0eba9de5b3997bf89cd19070ddff27b7
SHA512

3ae1db17db5d4573814f744d9431ead1cba2ef21da203bbc054eca7d766f3cf146543463b0be04ed64227ae3d1bfbaf12c08a81a7df8e0a40c385697af13e343

Score

10^/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2896-122-0x0000000006370000-0x00000000063A8000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

malware.exe

description pid process

Token: SeDebugPrivilege 2896 malware.exe

description	pid	process
Token: SeDebugPrivilege	2896	malware.exe

C:\Users\Admin\AppData\Local\Temp\malware.exe
"C:\Users\Admin\AppData\Local\Temp\malware.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2896

memory/2896-115-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download
memory/2896-117-0x0000000005860000-0x0000000005861000-memory.dmp

Filesize
4KB

Download
memory/2896-120-0x00000000057B0000-0x00000000057B1000-memory.dmp

Filesize
4KB

Download
memory/2896-121-0x0000000006330000-0x000000000636C000-memory.dmp

Filesize
240KB

Download
memory/2896-122-0x0000000006370000-0x00000000063A8000-memory.dmp

Filesize
224KB

Download
memory/2896-123-0x0000000005840000-0x0000000005841000-memory.dmp

Filesize
4KB

Download
memory/2896-124-0x00000000069D0000-0x00000000069D1000-memory.dmp

Filesize
4KB

Download
memory/2896-125-0x0000000006460000-0x0000000006461000-memory.dmp

Filesize
4KB

Download
memory/2896-126-0x0000000006590000-0x0000000006591000-memory.dmp

Filesize
4KB

Download
memory/2896-127-0x00000000064C0000-0x00000000064C1000-memory.dmp

Filesize
4KB

Download
memory/2896-128-0x0000000006500000-0x0000000006501000-memory.dmp

Filesize
4KB

Download