Analysis
- max time kernel: 43s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 27-04-2022 14:08
Behavioral task: behavioral1
- Sample: 384-55-0x0000000002090000-0x00000000020C4000-memory.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 384-55-0x0000000002090000-0x00000000020C4000-memory.exe
- Resource: win10v2004-20220414-en
General
- Target: 384-55-0x0000000002090000-0x00000000020C4000-memory.exe
- Size: 208KB
- MD5: 031c6a0277c2631bf61fb69b3d831c18
- SHA1: 6eb7938beca5be426082585dc4f0a4c5c1184d77
- SHA256: 8d7b8e23b4496a11187c1867b55e79757399c96acacc4d61d3f43cca53b88a26
- SHA512: d6509fc912afd9ae8b5fe477196ff6b06d4a41927b627e2c74a6879250cbbc648a4d92d5add4159214630b031b1859ce9f56ff94d1812055f017b3d2faddff42
Malware Config
Extracted
- Family: redline
- Botnet: 1
- C2: 77.232.36.171:31078
- auth_value: 9570c1130d94c3bb18e6065c4cf89298
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload (1 IoC)
  Processes:
  resource: behavioral1/memory/1992-54-0x0000000000930000-0x0000000000964000-memory.dmp; yara_rule: family_redline
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description: Token: SeDebugPrivilege; pid: 1992; process: 384-55-0x0000000002090000-0x00000000020C4000-memory.exe
Downloads
- memory/1992-54-0x0000000000930000-0x0000000000964000-memory.dmp (Filesize: 208KB)