redline | 6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233

Analysis

max time kernel
323s
max time network
339s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
28-11-2022 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233.exe
Size

389KB
MD5

74142a69e8bad556fc32f102d6a3ee50
SHA1

38e01c34a02b253cb5981e37ceb2bf960f63a97a
SHA256

6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233
SHA512

b1b94b5cfe332b1838c7e09eb53b69d9e3c4374ad58e80cf2933da86c60f00a4dba3be666e6fccfa2eebe7bbf875a165f0fc60385fddc8474ae0a3b3f94f2339
SSDEEP

6144:eUrdXgO/T5x2zL0SFP4clyC+EclBAxVwNsUkHhSfbr5:eUpn/TqLvYC+BAisBH0fbr

Score

10^/10

redline newyear2023 infostealer

Malware Config

Extracted

Family

redline

Botnet

NewYear2023

185.106.92.111:2510

Attributes

auth_value
99e9bde3b38509ea98c3316cc27e6106

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4960-159-0x0000000002350000-0x000000000238E000-memory.dmp	family_redline
behavioral2/memory/4960-166-0x00000000026A0000-0x00000000026DC000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233.exe

description pid process

Token: SeDebugPrivilege 4960 6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233.exe

description	pid	process
Token: SeDebugPrivilege	4960	6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233.exe

C:\Users\Admin\AppData\Local\Temp\6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233.exe
"C:\Users\Admin\AppData\Local\Temp\6aed540e0b13f3af56aa361bda06d1abd7a3af5f5abd7cf90e7a680fe652b233.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4960-116-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-117-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-118-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-119-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-120-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-121-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-122-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-123-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-124-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-125-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-126-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-127-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-128-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-129-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-130-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-131-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-132-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-133-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-134-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-135-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-136-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-138-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-139-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-137-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-141-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/4960-142-0x00000000004C0000-0x00000000004FE000-memory.dmp

Filesize
248KB

Download
memory/4960-143-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-144-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-145-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-146-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4960-147-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-148-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-149-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-150-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-152-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-151-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-153-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-154-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-155-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-156-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-157-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-158-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-159-0x0000000002350000-0x000000000238E000-memory.dmp

Filesize
248KB

Download
memory/4960-160-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-161-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-162-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-163-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-164-0x0000000004BB0000-0x00000000050AE000-memory.dmp

Filesize
5.0MB

Download
memory/4960-165-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-166-0x00000000026A0000-0x00000000026DC000-memory.dmp

Filesize
240KB

Download
memory/4960-167-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-168-0x00000000050B0000-0x0000000005142000-memory.dmp

Filesize
584KB

Download
memory/4960-169-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-170-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-171-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-172-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-173-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/4960-174-0x00000000004C0000-0x00000000004FE000-memory.dmp

Filesize
248KB

Download
memory/4960-175-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-176-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-177-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-178-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-179-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-180-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-181-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-182-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-183-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-184-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-185-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-186-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4960-187-0x00000000053D0000-0x00000000059D6000-memory.dmp

Filesize
6.0MB

Download
memory/4960-188-0x00000000051E0000-0x00000000052EA000-memory.dmp

Filesize
1.0MB

Download
memory/4960-189-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-190-0x0000000005320000-0x0000000005332000-memory.dmp

Filesize
72KB

Download
memory/4960-191-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-192-0x0000000005340000-0x000000000537E000-memory.dmp

Filesize
248KB

Download
memory/4960-193-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-194-0x0000000005AE0000-0x0000000005B2B000-memory.dmp

Filesize
300KB

Download
memory/4960-195-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download