redline | fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d

Analysis

max time kernel
151s
max time network
157s
platform
windows10_x64
resource
win10-20220414-en
submitted
24-05-2022 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d.exe
Size

405KB
MD5

71003a00e03736e8f8cd45eb932c9a2a
SHA1

916569d6fc2db21f4e05ada59f520b77a27edfb5
SHA256

fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d
SHA512

dfded54ea2912e47aee815f703b3cf7ecd159469d930e216eb98139830942aa8807c50897e602807b009ae4a8f60e97fc295c5a83d92bf796377d591327803c7

Score

10^/10

redline test1 infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

185.215.113.75:80

Attributes

auth_value
7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d.exe

description pid process

Token: SeDebugPrivilege 536 fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d.exe

description	pid	process
Token: SeDebugPrivilege	536	fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d.exe

C:\Users\Admin\AppData\Local\Temp\fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d.exe
"C:\Users\Admin\AppData\Local\Temp\fd7febd8ead3a95855640ef0670d68b5205f3527b278b78c6b887b884c4a066d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/536-118-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-119-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-120-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-121-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-122-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-123-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-124-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-125-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-126-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-127-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-128-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-129-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-131-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-130-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-133-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-132-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-134-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-135-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-136-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-137-0x0000000000BA7000-0x0000000000BD1000-memory.dmp

Filesize
168KB

Download
memory/536-139-0x0000000000AA0000-0x0000000000AD7000-memory.dmp

Filesize
220KB

Download
memory/536-138-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-140-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-141-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-142-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-143-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-144-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-145-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-146-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-148-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/536-147-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-149-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-150-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-151-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-152-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-154-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-153-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-155-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-156-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-157-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-158-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-159-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-160-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-161-0x0000000002680000-0x00000000026B0000-memory.dmp

Filesize
192KB

Download
memory/536-162-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-163-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-164-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-165-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-166-0x0000000005130000-0x000000000562E000-memory.dmp

Filesize
5.0MB

Download
memory/536-167-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-168-0x0000000002860000-0x000000000288E000-memory.dmp

Filesize
184KB

Download
memory/536-169-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-170-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-171-0x0000000005630000-0x0000000005C36000-memory.dmp

Filesize
6.0MB

Download
memory/536-172-0x0000000004F50000-0x0000000004F62000-memory.dmp

Filesize
72KB

Download
memory/536-173-0x0000000004F80000-0x000000000508A000-memory.dmp

Filesize
1.0MB

Download
memory/536-174-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-175-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-176-0x0000000005090000-0x00000000050CE000-memory.dmp

Filesize
248KB

Download
memory/536-177-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-178-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-179-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-180-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-181-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-183-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-182-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-184-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-185-0x0000000005C40000-0x0000000005C8B000-memory.dmp

Filesize
300KB

Download
memory/536-186-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-187-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-188-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/536-189-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads