redline | 216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5

Analysis

max time kernel
169s
max time network
185s
platform
windows10_x64
resource
win10-20220414-en
submitted
23-05-2022 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5.exe
Size

379KB
MD5

b3bd1ce26f287b35d941b098b08f00e4
SHA1

b888ecd3ed0f24aae70e218720818553fa96ac17
SHA256

216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5
SHA512

b9b551a956d2aa13a3cd05a73513f32935f98f7f146b0ef533167ff114be30fc270a03ccaac21ac6f2bef3eb4734d65aa93f07c5fdf9a1eeade34de8f433d74a

Score

10^/10

redline test1 infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

185.215.113.75:80

Attributes

auth_value
7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5.exe

description pid process

Token: SeDebugPrivilege 2012 216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5.exe

description	pid	process
Token: SeDebugPrivilege	2012	216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5.exe

C:\Users\Admin\AppData\Local\Temp\216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5.exe
"C:\Users\Admin\AppData\Local\Temp\216c3ea136e59d312069d2a354b1dfa5deb6f71c63f78aafd551ab586bc303e5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-117-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-118-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-119-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-120-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-121-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-122-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-123-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-124-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-125-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-126-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-127-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-128-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-129-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-130-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-131-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-132-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-133-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-134-0x0000000000631000-0x000000000065B000-memory.dmp

Filesize
168KB

Download
memory/2012-135-0x0000000000860000-0x0000000000897000-memory.dmp

Filesize
220KB

Download
memory/2012-136-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-137-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-138-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-140-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-139-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-141-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-142-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-143-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-144-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-145-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-146-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/2012-147-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-148-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-149-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-150-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-151-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-152-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-153-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-154-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-155-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-156-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-157-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-158-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-159-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-160-0x00000000024A0000-0x00000000024D0000-memory.dmp

Filesize
192KB

Download
memory/2012-161-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-162-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-163-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-164-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-165-0x0000000004C30000-0x000000000512E000-memory.dmp

Filesize
5.0MB

Download
memory/2012-166-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-167-0x0000000002610000-0x000000000263E000-memory.dmp

Filesize
184KB

Download
memory/2012-168-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-169-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-170-0x0000000005130000-0x0000000005736000-memory.dmp

Filesize
6.0MB

Download
memory/2012-171-0x0000000005740000-0x0000000005752000-memory.dmp

Filesize
72KB

Download
memory/2012-172-0x0000000005760000-0x000000000586A000-memory.dmp

Filesize
1.0MB

Download
memory/2012-173-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-174-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-175-0x0000000005870000-0x00000000058AE000-memory.dmp

Filesize
248KB

Download
memory/2012-176-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-177-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-178-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-179-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-180-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-181-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-182-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-183-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-184-0x0000000005900000-0x000000000594B000-memory.dmp

Filesize
300KB

Download
memory/2012-185-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-186-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-187-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download
memory/2012-188-0x0000000077E20000-0x0000000077FAE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads