redline | 177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541

Analysis

max time kernel
163s
max time network
159s
platform
windows10_x64
resource
win10-en-20211208
submitted
12-02-2022 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541.exe
Size

385KB
MD5

2561e301076b5c7f9e90d27547355891
SHA1

46a53cabf3fa4b3179077fa0834d42cdbf524fbd
SHA256

177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541
SHA512

06ac1eb9de24f1ed1549642566edd458cc7ac19701023f4fa8c69729ccb2dba566757376e5465e6ea3d58b03542c678721ec9aff1267268dcce9718e21d021a8

Score

10^/10

redline noname infostealer

Malware Config

Extracted

Family

redline

Botnet

noname

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/5112-120-0x00000000038F0000-0x0000000003924000-memory.dmp	family_redline
behavioral1/memory/5112-124-0x0000000003B60000-0x0000000003B92000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541.exe

description pid process

Token: SeDebugPrivilege 5112 177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541.exe

description	pid	process
Token: SeDebugPrivilege	5112	177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541.exe

C:\Users\Admin\AppData\Local\Temp\177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541.exe
"C:\Users\Admin\AppData\Local\Temp\177e08a52ca6fb33c7e3212d8b996e6cae953503a742ad9e5b2380321277e541.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5112-115-0x0000000003650000-0x000000000367B000-memory.dmp

Filesize
172KB

Download
memory/5112-116-0x0000000003680000-0x00000000036B9000-memory.dmp

Filesize
228KB

Download
memory/5112-117-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5112-118-0x00000000730FE000-0x00000000730FF000-memory.dmp

Filesize
4KB

Download
memory/5112-119-0x0000000006050000-0x0000000006051000-memory.dmp

Filesize
4KB

Download
memory/5112-120-0x00000000038F0000-0x0000000003924000-memory.dmp

Filesize
208KB

Download
memory/5112-121-0x0000000006052000-0x0000000006053000-memory.dmp

Filesize
4KB

Download
memory/5112-122-0x0000000006053000-0x0000000006054000-memory.dmp

Filesize
4KB

Download
memory/5112-123-0x0000000006060000-0x000000000655E000-memory.dmp

Filesize
5.0MB

Download
memory/5112-124-0x0000000003B60000-0x0000000003B92000-memory.dmp

Filesize
200KB

Download
memory/5112-125-0x00000000067F0000-0x0000000006DF6000-memory.dmp

Filesize
6.0MB

Download
memory/5112-126-0x0000000006E80000-0x0000000006E92000-memory.dmp

Filesize
72KB

Download
memory/5112-127-0x0000000006EB0000-0x0000000006FBA000-memory.dmp

Filesize
1.0MB

Download
memory/5112-128-0x0000000006054000-0x0000000006056000-memory.dmp

Filesize
8KB

Download
memory/5112-129-0x0000000001A10000-0x0000000001A4E000-memory.dmp

Filesize
248KB

Download
memory/5112-130-0x0000000001DF0000-0x0000000001E3B000-memory.dmp

Filesize
300KB

Download
memory/5112-131-0x0000000001C00000-0x0000000001C66000-memory.dmp

Filesize
408KB

Download
memory/5112-132-0x0000000007490000-0x0000000007506000-memory.dmp

Filesize
472KB

Download
memory/5112-133-0x0000000007550000-0x00000000075E2000-memory.dmp

Filesize
584KB

Download