redline | 25859ba3aba160a006626908aef75f504e5e6bc04bd7b518bbe35f3ef002b42d

Analysis

max time kernel
156s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 23:41

Target

038f62be77cd59199a6ed8fce8686d93.exe
Size

95KB
MD5

038f62be77cd59199a6ed8fce8686d93
SHA1

f9f0748d73b56a0f3423a0cd82ece170e7825ac4
SHA256

25859ba3aba160a006626908aef75f504e5e6bc04bd7b518bbe35f3ef002b42d
SHA512

a1dde768b76c9dc5cd6333e33f1b2a8c2f65fc013f3e16c437df219ef008a6f0dbbe72c442c563c81702620af93c86b20af19e2ec1f4e61c43aa8b23f53889ad
SSDEEP

1536:Bqs0FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed2itmulgS6pUl:v0RclyY7+zi0ZbYe1g0ujyzdWU

Score

10^/10

Family

redline

Botnet

main

45.15.157.9:4228

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/3516-132-0x0000000000040000-0x000000000005E000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3516	038f62be77cd59199a6ed8fce8686d93.exe

C:\Users\Admin\AppData\Local\Temp\038f62be77cd59199a6ed8fce8686d93.exe
"C:\Users\Admin\AppData\Local\Temp\038f62be77cd59199a6ed8fce8686d93.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3516

memory/3516-132-0x0000000000040000-0x000000000005E000-memory.dmp

Filesize
120KB

Download
memory/3516-133-0x00000000050C0000-0x0000000005664000-memory.dmp

Filesize
5.6MB

Download
memory/3516-134-0x0000000005C90000-0x00000000062A8000-memory.dmp

Filesize
6.1MB

Download
memory/3516-135-0x0000000004BD0000-0x0000000004C62000-memory.dmp

Filesize
584KB

Download
memory/3516-136-0x0000000004B70000-0x0000000004B82000-memory.dmp

Filesize
72KB

Download
memory/3516-137-0x0000000004CB0000-0x0000000004CEC000-memory.dmp

Filesize
240KB

Download
memory/3516-138-0x0000000007510000-0x000000000761A000-memory.dmp

Filesize
1.0MB

Download