redline | 3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62

Analysis

max time kernel
300s
max time network
303s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/11/2022, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe
Size

2.4MB
MD5

2a2a0e591a210036c2c759c1e55a71c4
SHA1

bfdb8ac935dd709781b781a9af707dbb6c21b6a2
SHA256

3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62
SHA512

ab08a2bcb3ecf5edf9c7abe239a2bf1c839beafcbb7a42c80dbe9130188a803f973d2c37e6253c45c14df48f5452a161fc09edaa6f39a7da4f73174fd5c0fe87
SSDEEP

24576:yYK7vYaY01FGiX5M1OoxXrZwZbrGwOjG7nJyGML/5l3RuQ55313E:tKzGnwOK7nJyGMNl3q

Score

10^/10

redline 1289087590_99 infostealer

Malware Config

Extracted

Family

redline

Botnet

1289087590_99

topbe24.xyz:28786

Attributes

auth_value
4825d8be04f79323d5e9daee4d2c929e

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2452 set thread context of 147356	2452	3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe	65

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 147356	2452	3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe	65
PID 2452 wrote to memory of 147356	2452	3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe	65
PID 2452 wrote to memory of 147356	2452	3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe	65
PID 2452 wrote to memory of 147356	2452	3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe	65
PID 2452 wrote to memory of 147356	2452	3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe	65

C:\Users\Admin\AppData\Local\Temp\3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe
"C:\Users\Admin\AppData\Local\Temp\3f4e11d0578c3ff16bf06223ee2e002c974b3cce8beee42e1477e3dd1651af62.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:147356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2452-119-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-121-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-123-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-125-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-124-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-122-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-120-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-118-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2452-135-0x0000000000400000-0x0000000000559000-memory.dmp

Filesize
1.3MB

Download
memory/2452-126-0x0000000000400000-0x0000000000559000-memory.dmp

Filesize
1.3MB

Download
memory/147356-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/147356-140-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-141-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-144-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-146-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-149-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-150-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-153-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-156-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-158-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-157-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-155-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-161-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-160-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-162-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-163-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-164-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-159-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-154-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-165-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-152-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-151-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-147-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-148-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-167-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-145-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-168-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-170-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-171-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-172-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-169-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-173-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-143-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-174-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-175-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-138-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-137-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-136-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-134-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-133-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-176-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-177-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-178-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-179-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-180-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-181-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-182-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-184-0x0000000007180000-0x0000000007192000-memory.dmp

Filesize
72KB

Download
memory/147356-183-0x0000000009C70000-0x000000000A276000-memory.dmp

Filesize
6.0MB

Download
memory/147356-185-0x0000000009770000-0x000000000987A000-memory.dmp

Filesize
1.0MB

Download
memory/147356-186-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-187-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-188-0x0000000009660000-0x000000000969E000-memory.dmp

Filesize
248KB

Download
memory/147356-189-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-190-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-191-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/147356-196-0x00000000096A0000-0x00000000096EB000-memory.dmp

Filesize
300KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads