redline | 38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d

Analysis

max time kernel
150s
max time network
153s
platform
windows10_x64
resource
win10-20220414-en
submitted
26-05-2022 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d.exe
Size

316KB
MD5

ac5da5a6ba41c275f9c241ff66ef39fb
SHA1

88b7aa4dfd3ad049148457b92b92ffafa4ba3243
SHA256

38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d
SHA512

e0e33aa3ff13f0cf9200ad5ebb29d9532103dce201798dc9f4e4adbc154b10f55dffc2fb49942f8d4b478c6f668b0689dfad68e36d86f74b8529bd5078f0df5d

Score

10^/10

redline top infostealer

Malware Config

Extracted

Family

redline

Botnet

top

185.215.113.75:81

Attributes

auth_value
ff6259bc2baf33b54b454aad484fb0ee

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d.exe

description pid process

Token: SeDebugPrivilege 2664 38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d.exe

description	pid	process
Token: SeDebugPrivilege	2664	38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d.exe

C:\Users\Admin\AppData\Local\Temp\38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d.exe
"C:\Users\Admin\AppData\Local\Temp\38dd5eb31a01c6a8f128c7fe7a69e066b5633f235029fbca02942630eb51df7d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-118-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-119-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-120-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-121-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-122-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-123-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-124-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-125-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-126-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-127-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-128-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-129-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-130-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-131-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-133-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-134-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-135-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-136-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-132-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-137-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-138-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-139-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-140-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-141-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-142-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-143-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-144-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-145-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-146-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-147-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-148-0x00000000006AA000-0x00000000006D4000-memory.dmp

Filesize
168KB

Download
memory/2664-151-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-150-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2664-149-0x00000000005D0000-0x0000000000607000-memory.dmp

Filesize
220KB

Download
memory/2664-152-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-153-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-154-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-155-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-156-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-157-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-158-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-159-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-160-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-161-0x0000000002310000-0x0000000002340000-memory.dmp

Filesize
192KB

Download
memory/2664-162-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-163-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-164-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-165-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-166-0x0000000004B60000-0x000000000505E000-memory.dmp

Filesize
5.0MB

Download
memory/2664-167-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-168-0x0000000002500000-0x000000000252E000-memory.dmp

Filesize
184KB

Download
memory/2664-169-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-170-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-171-0x0000000005060000-0x0000000005666000-memory.dmp

Filesize
6.0MB

Download
memory/2664-172-0x00000000056E0000-0x00000000056F2000-memory.dmp

Filesize
72KB

Download
memory/2664-173-0x0000000005710000-0x000000000581A000-memory.dmp

Filesize
1.0MB

Download
memory/2664-174-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-175-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-176-0x0000000005820000-0x000000000585E000-memory.dmp

Filesize
248KB

Download
memory/2664-177-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-178-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-179-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-180-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-181-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-182-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-183-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-184-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-185-0x00000000058B0000-0x00000000058FB000-memory.dmp

Filesize
300KB

Download
memory/2664-186-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-187-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-188-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download
memory/2664-189-0x0000000077D70000-0x0000000077EFE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads