redline | 1b0c7854f38da7c04821ddf0521c4aa716f4abd7b7b7cd12fdfcd0c9134d09dd | Triage

Analysis

max time kernel
137s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
13-05-2022 01:04

Sharing

Report Analysis Logs

General

Target

1032-55-0x0000000002030000-0x000000000205E000-memory.exe
Size

184KB
MD5

f0dc982d7ae9c1dbf203ea4271561191
SHA1

3d6d5414b3413fcfd1587d5f0a6dc96e9a6d53d9
SHA256

1b0c7854f38da7c04821ddf0521c4aa716f4abd7b7b7cd12fdfcd0c9134d09dd
SHA512

ee89460d076acfc7c08f526ee5b54eac0d0513230f23220d1ebc6e1ea0289dbffdc07a89b3a56df756883decd24a534e59cdbe818ad532c82c17ce01f402dfa0

Score

10^/10

redline 777 infostealer

Malware Config

Extracted

Family

redline

Botnet

777

C2

190.2.145.71:26414

Attributes

auth_value
95fc36a53c042abc459d9368e4f933a4

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1032-55-0x0000000002030000-0x000000000205E000-memory.exe

description pid process

Token: SeDebugPrivilege 2300 1032-55-0x0000000002030000-0x000000000205E000-memory.exe

C:\Users\Admin\AppData\Local\Temp\1032-55-0x0000000002030000-0x000000000205E000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1032-55-0x0000000002030000-0x000000000205E000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2300-130-0x0000000000D90000-0x0000000000DBE000-memory.dmp

Filesize
184KB

Download