Analysis
-
max time kernel
103s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
02-07-2022 01:19
Behavioral task
behavioral1
Sample
1708-59-0x0000000002550000-0x0000000002584000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1708-59-0x0000000002550000-0x0000000002584000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
1708-59-0x0000000002550000-0x0000000002584000-memory.exe
-
Size
208KB
-
MD5
1028e8b370aa3bd0a4391bb9b23201b7
-
SHA1
5eaa00299b2b4910ca5ecb9e2f044ce4becc5920
-
SHA256
f806835a1b630dd4cccb4621a5f6c551ab129e4c697a943367d3ca27f58f3402
-
SHA512
7965b426c822d82bc85486d391e33e6ee807918ef12da51a1fbe1da24c886cb54eba7ffc981be601f2b2314cbc58cbb2bce62751050b30c86ab0811ddb40b498
Malware Config
Extracted
redline
2
193.124.22.7:35632
-
auth_value
59967defa326eeea5c873678294c84b0
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/988-130-0x0000000000950000-0x0000000000984000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1708-59-0x0000000002550000-0x0000000002584000-memory.exedescription pid process Token: SeDebugPrivilege 988 1708-59-0x0000000002550000-0x0000000002584000-memory.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/988-130-0x0000000000950000-0x0000000000984000-memory.dmpFilesize
208KB