redline | 27a1982fdaa71485013995aeec19307ed6ff482ab89d901e2d27e46b070b5fe7

Analysis

max time kernel
138s
max time network
152s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/02/2023, 00:03

Target

file.exe
Size

332KB
MD5

d5576d24ee8784eaf9219011e566882c
SHA1

87a702eb6ada80642d69724dd469d28e8c86a6b5
SHA256

27a1982fdaa71485013995aeec19307ed6ff482ab89d901e2d27e46b070b5fe7
SHA512

4f9284dc144703b3cfd27e3dfbe1f1d8a3d2a78331b1326f87ff2c0f57819eaf5827ce0b615bdc1e5c358baff175661e73d9748436dc95e53495473a7dbf8999
SSDEEP

6144:e3YjeUL7q8L9PIcDxY7cMgF1tXHYrVUSw5JUld3Gmjpo7MO:e347Xq8L6IKcMg5XHg2SV/2y

Score

10^/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/1764-54-0x00000000047C0000-0x000000000481A000-memory.dmp	family_redline
behavioral1/memory/1764-55-0x0000000004820000-0x0000000004878000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1764	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1764

memory/1764-54-0x00000000047C0000-0x000000000481A000-memory.dmp

Filesize
360KB

Download
memory/1764-55-0x0000000004820000-0x0000000004878000-memory.dmp

Filesize
352KB

Download
memory/1764-56-0x0000000075E81000-0x0000000075E83000-memory.dmp

Filesize
8KB

Download
memory/1764-57-0x0000000002D8B000-0x0000000002DB9000-memory.dmp

Filesize
184KB

Download
memory/1764-58-0x0000000000220000-0x0000000000282000-memory.dmp

Filesize
392KB

Download
memory/1764-59-0x0000000000400000-0x0000000002BBC000-memory.dmp

Filesize
39.7MB

Download