redline | 8d7b8e23b4496a11187c1867b55e79757399c96acacc4d61d3f43cca53b88a26 | Triage

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-04-2022 14:08

Sharing

Report Analysis Logs

General

Target

384-55-0x0000000002090000-0x00000000020C4000-memory.exe
Size

208KB
MD5

031c6a0277c2631bf61fb69b3d831c18
SHA1

6eb7938beca5be426082585dc4f0a4c5c1184d77
SHA256

8d7b8e23b4496a11187c1867b55e79757399c96acacc4d61d3f43cca53b88a26
SHA512

d6509fc912afd9ae8b5fe477196ff6b06d4a41927b627e2c74a6879250cbbc648a4d92d5add4159214630b031b1859ce9f56ff94d1812055f017b3d2faddff42

Score

10^/10

redline 1 infostealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

77.232.36.171:31078

Attributes

auth_value
9570c1130d94c3bb18e6065c4cf89298

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1992-54-0x0000000000930000-0x0000000000964000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

384-55-0x0000000002090000-0x00000000020C4000-memory.exe

description pid process

Token: SeDebugPrivilege 1992 384-55-0x0000000002090000-0x00000000020C4000-memory.exe

C:\Users\Admin\AppData\Local\Temp\384-55-0x0000000002090000-0x00000000020C4000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\384-55-0x0000000002090000-0x00000000020C4000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-54-0x0000000000930000-0x0000000000964000-memory.dmp

Filesize
208KB

Download