redline | ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265

Analysis

max time kernel
297s
max time network
299s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/11/2022, 11:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe
Size

2.5MB
MD5

5f203f2efa133f01cdb0b157b9962b2b
SHA1

05115d1581b428632103c914447980d2d2f655fc
SHA256

ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265
SHA512

71c94e8ffb55e322a82668896fceced08b2896e13748cd2b83088e5b494a796bd74ca14639ed304852ed806784d67e42a1a082950bfe4ae73b65e245f94a2504
SSDEEP

24576:sBHJeAMKvYWYFxPKFuVMaodXbeikhlEbz13QPbOMWTabiL8vLFZm5dIZl3RuQ55H:seAMJFjsp3sOrTCiL8v5Ed+l3L

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

185.200.191.18:80

Attributes

auth_value
3844431268eea87cbe0bda22c69b05f8

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral2/memory/196928-124-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline
behavioral2/memory/196928-129-0x000000000041A7CE-mapping.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3516 set thread context of 196928	3516	ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe	67

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 196928	3516	ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe	67
PID 3516 wrote to memory of 196928	3516	ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe	67
PID 3516 wrote to memory of 196928	3516	ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe	67
PID 3516 wrote to memory of 196928	3516	ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe	67
PID 3516 wrote to memory of 196928	3516	ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe	67

C:\Users\Admin\AppData\Local\Temp\ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe
"C:\Users\Admin\AppData\Local\Temp\ddf2f2f4d4095b1fa3c5389625ff9a710bf67a6c7354604c06779b3c42a99265.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:196928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3516-116-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-117-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-118-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-119-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-120-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-121-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-122-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3516-123-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/196928-130-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-131-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-132-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-133-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-134-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-137-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-136-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-139-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-140-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-142-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-141-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-143-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-145-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-144-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-146-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-147-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-148-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-151-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-150-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-152-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-149-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-153-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-154-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-157-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-156-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-155-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-159-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-158-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-160-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-161-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-163-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-164-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-165-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-166-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-167-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-168-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-169-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-170-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-172-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-171-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-173-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-174-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-176-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-177-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-175-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-178-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-179-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-180-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-181-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-182-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-183-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/196928-185-0x0000000009D60000-0x000000000A366000-memory.dmp

Filesize
6.0MB

Download
memory/196928-186-0x00000000097E0000-0x00000000097F2000-memory.dmp

Filesize
72KB

Download
memory/196928-187-0x0000000009910000-0x0000000009A1A000-memory.dmp

Filesize
1.0MB

Download
memory/196928-190-0x0000000009840000-0x000000000987E000-memory.dmp

Filesize
248KB

Download
memory/196928-192-0x00000000098C0000-0x000000000990B000-memory.dmp

Filesize
300KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads