redline | 4ae2c9fe2e06741ddcb1fc6112fc834011e9ac054d851a5a3a8301c5c1c4bf58 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
23-05-2022 18:52

Sharing

Report Analysis Logs

General

Target

1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe
Size

200KB
MD5

038ca458ecc3d2731f09dc219644f047
SHA1

2ce33af6fb9d00344c524af3192deb5371c41594
SHA256

4ae2c9fe2e06741ddcb1fc6112fc834011e9ac054d851a5a3a8301c5c1c4bf58
SHA512

5f6e890a296fdef00088270f2c2ff26461ac37e5ffa2c354db52d5a955fccb40c04295d594607166c38d20cb73b283dfa4ca849ede759899d410f8790c5c1da8

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1392-54-0x0000000000AF0000-0x0000000000B22000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe

description pid process

Token: SeDebugPrivilege 1392 1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe

C:\Users\Admin\AppData\Local\Temp\1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1392

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1392-54-0x0000000000AF0000-0x0000000000B22000-memory.dmp

Filesize
200KB

Download