redline | 3d971018d7289c3fb75c7d3498e6cf3e7df0b6c2702502cdaab4df0aa44a142e | Triage

Analysis

max time kernel
150s
max time network
190s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 02:36

Sharing

Report Analysis Logs

General

Target

3d971018d7289c3fb75c7d3498e6cf3e7df0b6c2702502cdaab4df0aa44a142e.exe
Size

92KB
MD5

55acfa0308171c220566304f560975cc
SHA1

c3d893fdd35608efa23d57dd30828eebaf8f2eb9
SHA256

3d971018d7289c3fb75c7d3498e6cf3e7df0b6c2702502cdaab4df0aa44a142e
SHA512

0f7534defb862624ccc8bb6a93a8df3300be64203506b31184d95285f4bf51e4ae05e920cc6f2e62d6a94278c5e0745befbc15c7080648b5a4e7560dbf3466bf

Score

10^/10

redline @mavrodisp infostealer

Malware Config

Extracted

Family

redline

Botnet

@MavrodiSP

C2

198.50.194.48:16845

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 1 IoCs

resource	yara_rule
behavioral1/memory/1284-54-0x00000000000A0000-0x00000000000BC000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1284	3d971018d7289c3fb75c7d3498e6cf3e7df0b6c2702502cdaab4df0aa44a142e.exe

C:\Users\Admin\AppData\Local\Temp\3d971018d7289c3fb75c7d3498e6cf3e7df0b6c2702502cdaab4df0aa44a142e.exe
"C:\Users\Admin\AppData\Local\Temp\3d971018d7289c3fb75c7d3498e6cf3e7df0b6c2702502cdaab4df0aa44a142e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-54-0x00000000000A0000-0x00000000000BC000-memory.dmp

Filesize
112KB

Download
memory/1284-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download