redline | 6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029

Analysis

max time kernel
151s
max time network
154s
platform
windows10_x64
resource
win10-20220414-en
submitted
16-05-2022 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029.exe
Size

429KB
MD5

1876e24c454da203867e249016740dfd
SHA1

c5590504f771ef9553a6ee3264297db9999cd4d4
SHA256

6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029
SHA512

803b15a4e06cde83d60a6947bdece97d2f06bb51636a63289bb848714241fda3cbf3fd368994e0c1064599e78bbb0d8db62cd684f3f84efe63d3fc55b4d9813f

Score

10^/10

redline top infostealer

Malware Config

Extracted

Family

redline

Botnet

top

iclarinyerac.xyz:80

manellylarii.xyz:80

Attributes

auth_value
b66a08c69f913be894bbfce00805fab1

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029.exe

description pid process

Token: SeDebugPrivilege 1344 6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029.exe

description	pid	process
Token: SeDebugPrivilege	1344	6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029.exe

C:\Users\Admin\AppData\Local\Temp\6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029.exe
"C:\Users\Admin\AppData\Local\Temp\6bddff23f939f856441696aa0f18cd6ea909fbb848baa73431d5b96dc56d6029.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-117-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-118-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-119-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-120-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-121-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-122-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-123-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-124-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-125-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-126-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-127-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-128-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-129-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-130-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-131-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-132-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-133-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-134-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-135-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-136-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-137-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-138-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-139-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-140-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-142-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-143-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-144-0x0000000002B90000-0x0000000002C3E000-memory.dmp

Filesize
696KB

Download
memory/1344-145-0x00000000048D0000-0x0000000004907000-memory.dmp

Filesize
220KB

Download
memory/1344-146-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-147-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-148-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-149-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-150-0x0000000000400000-0x0000000002B89000-memory.dmp

Filesize
39.5MB

Download
memory/1344-151-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-152-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-153-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-154-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-155-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-156-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-157-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-158-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-159-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-160-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-161-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-162-0x0000000004B30000-0x0000000004B60000-memory.dmp

Filesize
192KB

Download
memory/1344-163-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-164-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-165-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-166-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-167-0x0000000007410000-0x000000000790E000-memory.dmp

Filesize
5.0MB

Download
memory/1344-168-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-169-0x0000000004D10000-0x0000000004D3E000-memory.dmp

Filesize
184KB

Download
memory/1344-170-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-171-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-172-0x0000000007910000-0x0000000007F16000-memory.dmp

Filesize
6.0MB

Download
memory/1344-173-0x00000000072F0000-0x0000000007302000-memory.dmp

Filesize
72KB

Download
memory/1344-174-0x0000000007F20000-0x000000000802A000-memory.dmp

Filesize
1.0MB

Download
memory/1344-175-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-176-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-177-0x0000000007320000-0x000000000735E000-memory.dmp

Filesize
248KB

Download
memory/1344-178-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-179-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-180-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-181-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-182-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-183-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-184-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-185-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-186-0x00000000073B0000-0x00000000073FB000-memory.dmp

Filesize
300KB

Download
memory/1344-187-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-188-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-189-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-190-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-191-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download
memory/1344-192-0x0000000077CD0000-0x0000000077E5E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads