redline | 66893148b0d748534dc339b1d78ba769da59c03f825e731c996d5d410ce41247

Analysis

max time kernel
36s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 21:20

Target

Netflix CheckerV12.9.exe
Size

95KB
MD5

42fe72738e1370f5bbaeb3db4f876355
SHA1

6f6f1e41876a3173784b2a86963d3edb5a3759bc
SHA256

be21f545f9fe4431d9a3c1369dba40ec4cd395106caef6c51c7ce04e6f44419d
SHA512

24c4198b87051c08fbf91affa4a227ce9ad3a854a271c35b414569cf5a44c03f06c7ed172fc23a60d28e7096641c6b866167405961c91d5cd3d4b117723b2766
SSDEEP

1536:Fqsgaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2J3teulgS6pQl:DfZeYP+zi0ZbYe1g0ujyzdxQ

Score

10^/10

Family

redline

Botnet

cheat

2.tcp.eu.ngrok.io:10642

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/4912-132-0x0000000000DD0000-0x0000000000DEE000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\Netflix CheckerV12.9.exe
"C:\Users\Admin\AppData\Local\Temp\Netflix CheckerV12.9.exe"
1⤵
PID:4912

memory/4912-132-0x0000000000DD0000-0x0000000000DEE000-memory.dmp

Filesize
120KB

Download
memory/4912-133-0x0000000005E40000-0x0000000006458000-memory.dmp

Filesize
6.1MB

Download
memory/4912-134-0x0000000005740000-0x0000000005752000-memory.dmp

Filesize
72KB

Download
memory/4912-135-0x00000000057A0000-0x00000000057DC000-memory.dmp

Filesize
240KB

Download