redline | fe9c2d372b2c9dfc51642c55248c4d193ac72ef6c938023626cd46383405e51c

General

Target

setup/AISetup-Crack.exe
Size

2.4MB
MD5

632c411467cb6300f1386c563b138778
SHA1

dc8f21dc53c8ef420cd417d2baf531567d9a21ce
SHA256

d49afecb53d0779d6767571c6576d6c1a5529cb6470a0262971b7e00724a7c6a
SHA512

043e4d05d0e1b3283fac0a944842ec5ac23329ae110eefeb18c2af2d2682451e35a2950533bd2ffcf502dc2991efd2a15946a4fd281068e40cf969de1fbe0f66

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/304-57-0x0000000000930000-0x0000000000B74000-memory.dmp	family_redline
behavioral1/memory/304-56-0x0000000000930000-0x0000000000B74000-memory.dmp	family_redline
behavioral1/memory/304-64-0x0000000000930000-0x0000000000B74000-memory.dmp	family_redline
behavioral1/memory/304-68-0x0000000000930000-0x0000000000B74000-memory.dmp	family_redline

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

AISetup-Crack.exe

description pid process

Token: SeDebugPrivilege 304 AISetup-Crack.exe

description	pid	process
Token: SeDebugPrivilege	304	AISetup-Crack.exe

C:\Users\Admin\AppData\Local\Temp\setup\AISetup-Crack.exe
"C:\Users\Admin\AppData\Local\Temp\setup\AISetup-Crack.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:304

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/304-54-0x0000000075311000-0x0000000075313000-memory.dmp

Filesize
8KB

Download
memory/304-55-0x0000000074B70000-0x0000000074BBA000-memory.dmp

Filesize
296KB

Download
memory/304-57-0x0000000000930000-0x0000000000B74000-memory.dmp

Filesize
2.3MB

Download
memory/304-56-0x0000000000930000-0x0000000000B74000-memory.dmp

Filesize
2.3MB

Download
memory/304-59-0x0000000076CA0000-0x0000000076D4C000-memory.dmp

Filesize
688KB

Download
memory/304-60-0x0000000076C50000-0x0000000076C97000-memory.dmp

Filesize
284KB

Download
memory/304-61-0x0000000074F10000-0x0000000074F67000-memory.dmp

Filesize
348KB

Download
memory/304-62-0x0000000074AD0000-0x0000000074AD9000-memory.dmp

Filesize
36KB

Download
memory/304-63-0x0000000000240000-0x0000000000282000-memory.dmp

Filesize
264KB

Download
memory/304-64-0x0000000000930000-0x0000000000B74000-memory.dmp

Filesize
2.3MB

Download
memory/304-65-0x0000000076C50000-0x0000000076C97000-memory.dmp

Filesize
284KB

Download
memory/304-67-0x0000000076290000-0x00000000763EC000-memory.dmp

Filesize
1.4MB

Download
memory/304-68-0x0000000000930000-0x0000000000B74000-memory.dmp

Filesize
2.3MB

Download
memory/304-69-0x0000000076BC0000-0x0000000076C4F000-memory.dmp

Filesize
572KB

Download
memory/304-70-0x0000000074A40000-0x0000000074AC0000-memory.dmp

Filesize
512KB

Download
memory/304-71-0x0000000075310000-0x0000000075F5A000-memory.dmp

Filesize
12.3MB

Download
memory/304-72-0x0000000073AD0000-0x0000000073AE7000-memory.dmp

Filesize
92KB

Download
memory/304-73-0x0000000076500000-0x0000000076535000-memory.dmp

Filesize
212KB

Download
memory/304-74-0x000000006BE80000-0x000000006C010000-memory.dmp

Filesize
1.6MB

Download
memory/304-75-0x000000006A960000-0x000000006A977000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing