redline | 87707a5eb60b7188dae09b52b088bff8ecfdb8edf8f344f3522ba958b2c0179c

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24-02-2023 00:24

Target

684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Size

464KB
MD5

cb1efe2022646e7fcc0bfa66aaae1325
SHA1

c75385ab2ac3573015ebbec4992cf5785208f095
SHA256

87707a5eb60b7188dae09b52b088bff8ecfdb8edf8f344f3522ba958b2c0179c
SHA512

40f4560365c41c9efb6de88f3157cee8de4ecd88acc5a4e02a2459aad4c95aec1289e457a24cdf6f66aca3c94f4d7ffcb2ac5f18ebc4ab79dffc6c9caa163741
SSDEEP

12288:280gKe0A0PltOoPmL+uD417OMUhSSmNM:H0PltweM

Score

10^/10

Family

redline

Botnet

Hack

154.17.165.178:10377

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1724-54-0x0000000000D20000-0x0000000000D94000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

684-3130-0x00000000026C0000-0x0000000002734000-memory.exe

description pid process

Token: SeDebugPrivilege 1724 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe

description	pid	process
Token: SeDebugPrivilege	1724	684-3130-0x00000000026C0000-0x0000000002734000-memory.exe

C:\Users\Admin\AppData\Local\Temp\684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\684-3130-0x00000000026C0000-0x0000000002734000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1724

memory/1724-54-0x0000000000D20000-0x0000000000D94000-memory.dmp

Filesize
464KB

Download
memory/1724-55-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download