redline | e6deaf5727395961ec2050fb612400e8898d7cdc7b14179b158828a250bd8c0f | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
03-08-2022 02:12

Sharing

Report Analysis Logs

General

Target

1496-55-0x00000000006E0000-0x0000000000710000-memory.exe
Size

192KB
MD5

2087a8dbda26c1bab7a4a105138c70ef
SHA1

c263b360c8f9cb04159e1ab7c0ed875cbf490fe6
SHA256

e6deaf5727395961ec2050fb612400e8898d7cdc7b14179b158828a250bd8c0f
SHA512

598760aa3cbd2d69551201d58f2c12cc162750207be6beebef1a05f302fac07dd249abfb3b6b6cd6c76ed06e3fd2beb56398ebe309ce809ad5184ff3dfcd3d0f

Score

10^/10

redline af2 infostealer

Malware Config

Extracted

Family

redline

Botnet

AF2

C2

stcontact.top:80

Attributes

auth_value
4d729a2faecb406a0eb1d6fcf30432fa

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1496-55-0x00000000006E0000-0x0000000000710000-memory.exe

description pid process

Token: SeDebugPrivilege 1964 1496-55-0x00000000006E0000-0x0000000000710000-memory.exe

C:\Users\Admin\AppData\Local\Temp\1496-55-0x00000000006E0000-0x0000000000710000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1496-55-0x00000000006E0000-0x0000000000710000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-54-0x0000000000D50000-0x0000000000D80000-memory.dmp

Filesize
192KB

Download