redline | eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b

Analysis

max time kernel
149s
max time network
152s
platform
windows10_x64
resource
win10-20220414-en
submitted
25-05-2022 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b.exe
Size

380KB
MD5

d6922958585860738974dada10dad426
SHA1

374a8f05bfe0ee93c700b163a9a5ad7c2ce23f1e
SHA256

eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b
SHA512

d8105ee0a0df2071bdfb274da4e8faa95486cc95483814d0c9b3bd23fad27bb5318f5408b14769a54913a283a4058a2c8104648e96414cb92b8547f231b17e20

Score

10^/10

redline test1 infostealer

Malware Config

Extracted

Family

redline

Botnet

test1

185.215.113.75:80

Attributes

auth_value
7ab4a4e2eae9eb7ae10f64f68df53bb3

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b.exe

description pid process

Token: SeDebugPrivilege 2188 eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b.exe

description	pid	process
Token: SeDebugPrivilege	2188	eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b.exe

C:\Users\Admin\AppData\Local\Temp\eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b.exe
"C:\Users\Admin\AppData\Local\Temp\eab8789397546d3fa44e58eefd3dbf39457a91646fc27d14f3932a6746541d1b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2188-118-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-119-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-120-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-121-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-122-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-123-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-124-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-126-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-127-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-128-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-129-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-130-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-131-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-132-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-133-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-134-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-135-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-136-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-137-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-138-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-139-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-140-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-141-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-142-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-143-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-144-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-145-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-146-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-147-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/2188-149-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/2188-148-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-150-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/2188-151-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-152-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-153-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-155-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-154-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-156-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-157-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-158-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-159-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-160-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-161-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-163-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-162-0x00000000021D0000-0x0000000002200000-memory.dmp

Filesize
192KB

Download
memory/2188-164-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-165-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-166-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-167-0x0000000004AA0000-0x0000000004F9E000-memory.dmp

Filesize
5.0MB

Download
memory/2188-168-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-169-0x0000000002570000-0x000000000259E000-memory.dmp

Filesize
184KB

Download
memory/2188-170-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-171-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-172-0x0000000004FA0000-0x00000000055A6000-memory.dmp

Filesize
6.0MB

Download
memory/2188-173-0x00000000055F0000-0x0000000005602000-memory.dmp

Filesize
72KB

Download
memory/2188-174-0x0000000005620000-0x000000000572A000-memory.dmp

Filesize
1.0MB

Download
memory/2188-175-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-176-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-177-0x0000000005730000-0x000000000576E000-memory.dmp

Filesize
248KB

Download
memory/2188-178-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-179-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-180-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-181-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-182-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-183-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-184-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-185-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-186-0x00000000057C0000-0x000000000580B000-memory.dmp

Filesize
300KB

Download
memory/2188-187-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-188-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-189-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/2188-190-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads