redline | bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098

Analysis

max time kernel
117s
max time network
119s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23-01-2023 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe
Size

3.7MB
MD5

a45e6fa02ca2dbeeb23d6fff96436a97
SHA1

61ffee4cb8d28ca05b20076a5ba92aff99449ba7
SHA256

bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098
SHA512

aface0a7bd84fb503358087b27d891b6bac48f7d56c4e94dbd4cd4ad350ac3891e0180fb2a4cf76a516d753c9e5c12daea3b038c517cbf8268b7887a003f0707
SSDEEP

98304:sBuzuXKMr2WYU68OdYIebQ4kUny6yuuhk6R1J3bj+:h63TO8K6ypk6fRby

Score

10^/10

redline st1 infostealer

Malware Config

Extracted

Family

redline

Botnet

st1

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes

auth_value
a7232a45d6034ee2454fc434093d8f12

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

Processes:

bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe

description	pid	process	target process
PID 2100 set thread context of 3000	2100	bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe	AppLaunch.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe

description	pid	process	target process
PID 2100 wrote to memory of 3000	2100	bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe	AppLaunch.exe
PID 2100 wrote to memory of 3000	2100	bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe	AppLaunch.exe
PID 2100 wrote to memory of 3000	2100	bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe	AppLaunch.exe
PID 2100 wrote to memory of 3000	2100	bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe	AppLaunch.exe
PID 2100 wrote to memory of 3000	2100	bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe	AppLaunch.exe

C:\Users\Admin\AppData\Local\Temp\bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe
"C:\Users\Admin\AppData\Local\Temp\bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2100-120-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-121-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-122-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-123-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-124-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-125-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-126-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-127-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-128-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-129-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-130-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-131-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-132-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-133-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-134-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-135-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/2100-136-0x0000000000DF0000-0x0000000001386000-memory.dmp

Filesize
5.6MB

Download
memory/2100-138-0x0000000000CA3000-0x0000000000CA5000-memory.dmp

Filesize
8KB

Download
memory/3000-139-0x0000000000760000-0x0000000000792000-memory.dmp

Filesize
200KB

Download
memory/3000-144-0x000000000077B5DA-mapping.dmp

Download
memory/3000-145-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-146-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-147-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-148-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-149-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-152-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-151-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-154-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-155-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-156-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-157-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-158-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-159-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-160-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-161-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-162-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-163-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-164-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-165-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-166-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-167-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-168-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-169-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-170-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-171-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-172-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-173-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-174-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-175-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-176-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-178-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-179-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-180-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-181-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-182-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-183-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-184-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-185-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-186-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-187-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-188-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/3000-200-0x0000000009160000-0x0000000009766000-memory.dmp

Filesize
6.0MB

Download
memory/3000-201-0x0000000008CF0000-0x0000000008DFA000-memory.dmp

Filesize
1.0MB

Download
memory/3000-203-0x0000000008C20000-0x0000000008C32000-memory.dmp

Filesize
72KB

Download
memory/3000-205-0x0000000008E00000-0x0000000008E3E000-memory.dmp

Filesize
248KB

Download
memory/3000-207-0x0000000008C40000-0x0000000008C8B000-memory.dmp

Filesize
300KB

Download