redline | 3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5

Analysis

max time kernel
296s
max time network
286s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/11/2022, 09:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe
Size

2.4MB
MD5

b14b3b8053fccbae397fe996ff0195c6
SHA1

b26fc8b4657a007187a8e3eba68edd2b2a2bdd25
SHA256

3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5
SHA512

8673dd05b57a94525aa9c1c6cf4fb2c785f0d6ee41b0dfbc75a7a7262f3d3383be711df95230941166df6d68de9a6d0b4fde09ce1519de63daa3a357b7c65428
SSDEEP

24576:3Q2K8a1wY/YrBebBYM7NlZ8fBsDp2O2so7+lNwxsi1GlL6LzuAl3RuQ55313v:3lac4dVoGNksi1Glyl3l

Score

10^/10

redline 5579878783 infostealer

Malware Config

Extracted

Family

redline

Botnet

5579878783

193.124.22.27:8362

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral2/memory/150448-128-0x00000000005C0000-0x00000000005DE000-memory.dmp	family_redline
behavioral2/memory/150448-133-0x00000000005D973E-mapping.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3764 set thread context of 150448	3764	3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe	67

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	150448	AppLaunch.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 150448	3764	3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe	67
PID 3764 wrote to memory of 150448	3764	3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe	67
PID 3764 wrote to memory of 150448	3764	3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe	67
PID 3764 wrote to memory of 150448	3764	3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe	67
PID 3764 wrote to memory of 150448	3764	3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe	67

C:\Users\Admin\AppData\Local\Temp\3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe
"C:\Users\Admin\AppData\Local\Temp\3cea532b27df8e66718e280a07427f689301e9b38a28111f56e6f122c35feea5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:150448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3764-120-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-121-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-122-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-123-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-124-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-125-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-126-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-127-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-128-0x00000000005C0000-0x00000000005DE000-memory.dmp

Filesize
120KB

Download
memory/150448-134-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-135-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-136-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-137-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-138-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-140-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-141-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-143-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-144-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-145-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-146-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-147-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-148-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-149-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-150-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-151-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-152-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-153-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-154-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-155-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-156-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-157-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-158-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-159-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-160-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-161-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-162-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-163-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-164-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-165-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-167-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-168-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-169-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-170-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-173-0x0000000009190000-0x0000000009796000-memory.dmp

Filesize
6.0MB

Download
memory/150448-174-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-175-0x0000000008A40000-0x0000000008A52000-memory.dmp

Filesize
72KB

Download
memory/150448-176-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-177-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-178-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-179-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-180-0x0000000008AA0000-0x0000000008ADE000-memory.dmp

Filesize
248KB

Download
memory/150448-181-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-182-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-183-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-184-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-185-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-186-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-187-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-188-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-189-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-190-0x0000000008AE0000-0x0000000008B2B000-memory.dmp

Filesize
300KB

Download
memory/150448-191-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-192-0x0000000008D50000-0x0000000008E5A000-memory.dmp

Filesize
1.0MB

Download
memory/150448-197-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/150448-198-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download