redline | b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5

Analysis

max time kernel
150s
max time network
153s
platform
windows10_x64
resource
win10-20220414-en
submitted
23-05-2022 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5.exe
Size

382KB
MD5

320ee76e356cb9c38994f92788ee14b5
SHA1

69c239ddfda1acf50d9a05141b64925041ca842d
SHA256

b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5
SHA512

994f71e3c68c45d9a1e2f60c98fd0c5366b2df36f37cb574a07bf576bf24a8b359069abd45b26934c5c7d3bbaeb05ed33fce35b5915e5de51cdebeb8acbc23fd

Score

10^/10

redline test1 infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

185.215.113.75:80

Attributes

auth_value
7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5.exe

description pid process

Token: SeDebugPrivilege 1660 b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5.exe

description	pid	process
Token: SeDebugPrivilege	1660	b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5.exe

C:\Users\Admin\AppData\Local\Temp\b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5.exe
"C:\Users\Admin\AppData\Local\Temp\b15e9467a113c3213e15ddb52f7f837c574553bb89457e6433ef624b650027d5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-118-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-119-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-120-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-121-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-122-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-123-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-124-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-125-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-126-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-127-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-128-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-129-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-130-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-131-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-132-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-133-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-134-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-135-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-136-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-137-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-138-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-139-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-140-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-141-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-142-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-143-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-144-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-145-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-146-0x0000000000BDA000-0x0000000000C04000-memory.dmp

Filesize
168KB

Download
memory/1660-147-0x0000000002660000-0x0000000002697000-memory.dmp

Filesize
220KB

Download
memory/1660-148-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-149-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-150-0x0000000000400000-0x0000000000928000-memory.dmp

Filesize
5.2MB

Download
memory/1660-151-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-152-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-153-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-154-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-155-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-156-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-157-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-158-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-159-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-160-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-161-0x0000000002740000-0x0000000002770000-memory.dmp

Filesize
192KB

Download
memory/1660-162-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-163-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-164-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-165-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-166-0x0000000005080000-0x000000000557E000-memory.dmp

Filesize
5.0MB

Download
memory/1660-167-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-168-0x00000000029F0000-0x0000000002A1E000-memory.dmp

Filesize
184KB

Download
memory/1660-169-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-170-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-171-0x0000000005580000-0x0000000005B86000-memory.dmp

Filesize
6.0MB

Download
memory/1660-172-0x0000000002A60000-0x0000000002A72000-memory.dmp

Filesize
72KB

Download
memory/1660-173-0x0000000005BE0000-0x0000000005CEA000-memory.dmp

Filesize
1.0MB

Download
memory/1660-174-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-175-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-176-0x0000000005CF0000-0x0000000005D2E000-memory.dmp

Filesize
248KB

Download
memory/1660-177-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-178-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-179-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-180-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-181-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-182-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-183-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-184-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-185-0x0000000005D80000-0x0000000005DCB000-memory.dmp

Filesize
300KB

Download
memory/1660-186-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-187-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-188-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1660-189-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads