redline | 9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4

Analysis

max time kernel
301s
max time network
306s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01-11-2022 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe
Size

2.4MB
MD5

abe80efffb239dbd2ec2dd07cba01367
SHA1

907a094a62f74a6da3ea4fd02bb7baedd4dbe5cb
SHA256

9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4
SHA512

e196482571f98c5d950a00098fb680502d10a2255ccc303fe1d1651cfde1eb19d6afe72c4c4e42eacea5fee454b2802b7d70712bc11018001f834ab3e186161a
SSDEEP

24576:PK30YwYTUfeJbMGhoXDrjfshe5p5+ioIly6e6jdYQLJiLkl3RuQ55313L:PKlsppAzIly6/jdYQ1l3t

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

185.148.39.219:47029

Attributes

auth_value
f8868787260be95572b321e957e39e5a

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral2/memory/145160-128-0x000000000041B50E-mapping.dmp	family_redline
behavioral2/memory/145160-123-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2728 set thread context of 145160	2728	9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe	67

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 145160	2728	9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe	67
PID 2728 wrote to memory of 145160	2728	9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe	67
PID 2728 wrote to memory of 145160	2728	9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe	67
PID 2728 wrote to memory of 145160	2728	9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe	67
PID 2728 wrote to memory of 145160	2728	9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe	67

C:\Users\Admin\AppData\Local\Temp\9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe
"C:\Users\Admin\AppData\Local\Temp\9d16d073497cf3d17e738867771235c27bebea79e9c6c945e18112e7d19069e4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:145160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-118-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-117-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-119-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-116-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-121-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-122-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-120-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2728-115-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-128-0x000000000041B50E-mapping.dmp

Download
memory/145160-129-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-130-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/145160-132-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-136-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-135-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-139-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-140-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-143-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-144-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-146-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-149-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-150-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-153-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-152-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-151-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-154-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-157-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-156-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-158-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-159-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-155-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-148-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-147-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-160-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-145-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-142-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-162-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-141-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-138-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-133-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-131-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-163-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-164-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-165-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-166-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-167-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-169-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-171-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-170-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-172-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-168-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-173-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-174-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-176-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-175-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-177-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-178-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-180-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-182-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-181-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-179-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/145160-184-0x0000000009B30000-0x000000000A136000-memory.dmp

Filesize
6.0MB

Download
memory/145160-185-0x0000000009540000-0x0000000009552000-memory.dmp

Filesize
72KB

Download
memory/145160-186-0x0000000009670000-0x000000000977A000-memory.dmp

Filesize
1.0MB

Download
memory/145160-189-0x00000000095A0000-0x00000000095DE000-memory.dmp

Filesize
248KB

Download
memory/145160-191-0x00000000095E0000-0x000000000962B000-memory.dmp

Filesize
300KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads