redline | 6087cbea917f0062401149be475a2d9440d00ce2a962d3be3b16f26264729233

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
08-03-2022 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe
Size

1.1MB
MD5

1cb79dd340381e83c85a178c8a921b36
SHA1

3e8be81d4217a38a325058666395dcb32b122474
SHA256

6087cbea917f0062401149be475a2d9440d00ce2a962d3be3b16f26264729233
SHA512

f0425436b7df637bb9b886ea6759c3b225f1368a10dbdc890b3fc6ee5b3e5472f0d7da56bcf037d709c5d1ccbfdf516a18bde975f3f9165e278c89b5ac3a3766

Score

10^/10

redline bild infostealer

Malware Config

Extracted

Family

redline

Botnet

bild

95.216.21.217:19597

Attributes

auth_value
6a86304a315cc6a978ccb33feb915de5

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 5 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2628-130-0x0000000000ED0000-0x000000000100A000-memory.dmp	family_redline
behavioral2/memory/2628-131-0x0000000000ED0000-0x000000000100A000-memory.dmp	family_redline
behavioral2/memory/2628-133-0x0000000000ED0000-0x000000000100A000-memory.dmp	family_redline
behavioral2/memory/2628-136-0x0000000000ED0000-0x000000000100A000-memory.dmp	family_redline
behavioral2/memory/2628-139-0x0000000000ED0000-0x000000000100A000-memory.dmp	family_redline

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe

pid process

2628 SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe

pid process

2628 SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe
2628 SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe

pid	process
2628	SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe

pid	process
2628	SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe
2628	SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2628-130-0x0000000000ED0000-0x000000000100A000-memory.dmp

Filesize
1.2MB

Download
memory/2628-132-0x0000000002420000-0x0000000002466000-memory.dmp

Filesize
280KB

Download
memory/2628-131-0x0000000000ED0000-0x000000000100A000-memory.dmp

Filesize
1.2MB

Download
memory/2628-133-0x0000000000ED0000-0x000000000100A000-memory.dmp

Filesize
1.2MB

Download
memory/2628-134-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2628-135-0x00000000755E0000-0x00000000757F5000-memory.dmp

Filesize
2.1MB

Download
memory/2628-136-0x0000000000ED0000-0x000000000100A000-memory.dmp

Filesize
1.2MB

Download
memory/2628-137-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2628-138-0x00000000741C0000-0x0000000074970000-memory.dmp

Filesize
7.7MB

Download
memory/2628-139-0x0000000000ED0000-0x000000000100A000-memory.dmp

Filesize
1.2MB

Download
memory/2628-140-0x0000000072C50000-0x0000000072CD9000-memory.dmp

Filesize
548KB

Download
memory/2628-141-0x0000000076830000-0x0000000076DE3000-memory.dmp

Filesize
5.7MB

Download
memory/2628-142-0x00000000054E0000-0x0000000005AF8000-memory.dmp

Filesize
6.1MB

Download
memory/2628-143-0x0000000004EC0000-0x0000000004ED2000-memory.dmp

Filesize
72KB

Download
memory/2628-144-0x0000000004FF0000-0x00000000050FA000-memory.dmp

Filesize
1.0MB

Download
memory/2628-145-0x0000000004EC0000-0x00000000054D8000-memory.dmp

Filesize
6.1MB

Download
memory/2628-146-0x0000000004F50000-0x0000000004F8C000-memory.dmp

Filesize
240KB

Download
memory/2628-147-0x000000006E460000-0x000000006E4AC000-memory.dmp

Filesize
304KB

Download