redline | f95c2d3e26d8ae5a3c82d2c98a5ce5aaef030b97b3462c4922a1910f176e52c7

Analysis

max time kernel
155s
max time network
161s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 08:19

Target

malware_smoke_1801815889.exe
Size

374KB
MD5

ff3beb3954bd1143b6429c19dede6169
SHA1

82224d982f4c2daebdffe23617f7ffe502185416
SHA256

f95c2d3e26d8ae5a3c82d2c98a5ce5aaef030b97b3462c4922a1910f176e52c7
SHA512

abfe31e322f652e2cb0f11842d54b25d89e477cb7ac89b109dd64a06cbe1b58807aad5ac56ea9adb87242d42e103bc3dd998687fd44731fcd45dfcc51cc65c79
SSDEEP

6144:KSXp0b2w8IziM+vu5uIsQ/N1LQqZxNCO5CLkkRqUW:KRb2w9ziUXztxNL5dU

Score

10^/10

Family

redline

Botnet

193.106.191.67:44400

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/1744-54-0x00000000022D0000-0x0000000002304000-memory.dmp	family_redline
behavioral1/memory/1744-55-0x0000000004790000-0x00000000047C2000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1744	malware_smoke_1801815889.exe

C:\Users\Admin\AppData\Local\Temp\malware_smoke_1801815889.exe
"C:\Users\Admin\AppData\Local\Temp\malware_smoke_1801815889.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1744

memory/1744-54-0x00000000022D0000-0x0000000002304000-memory.dmp

Filesize
208KB

Download
memory/1744-55-0x0000000004790000-0x00000000047C2000-memory.dmp

Filesize
200KB

Download
memory/1744-56-0x000000000067F000-0x00000000006AB000-memory.dmp

Filesize
176KB

Download
memory/1744-57-0x0000000000220000-0x0000000000259000-memory.dmp

Filesize
228KB

Download
memory/1744-58-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1744-59-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download