redline | 48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47 | Triage

Analysis

max time kernel
132s
max time network
150s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-07-2022 01:32

Sharing

Report Analysis Logs

General

Target

48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe
Size

96KB
MD5

fa17295c47a1f3cac859f03ebdf57642
SHA1

f891d02d000eeef76e43b382d3e6cb5d2d46f4ea
SHA256

48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47
SHA512

a98de3ee3c02a6f3961870cc273125798c5c92a81a3d6e5e381e9b8c3db034c390ea3b869ed1a2226dce49987d38a02ebd05827709975d4f33500e3b17a2d811

Score

10^/10

redline @lampikkk infostealer

Malware Config

Extracted

Family

redline

Botnet

@Lampikkk

C2

87.251.71.226:2997

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1708-54-0x0000000001240000-0x000000000125C000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe

description pid process

Token: SeDebugPrivilege 1708 48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe

C:\Users\Admin\AppData\Local\Temp\48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe
"C:\Users\Admin\AppData\Local\Temp\48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-54-0x0000000001240000-0x000000000125C000-memory.dmp

Filesize
112KB

Download
memory/1708-55-0x00000000758D1000-0x00000000758D3000-memory.dmp

Filesize
8KB

Download