Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 24-02-2023 00:24
Behavioral task: behavioral1
Sample: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Size: 464KB
MD5: cb1efe2022646e7fcc0bfa66aaae1325
SHA1: c75385ab2ac3573015ebbec4992cf5785208f095
SHA256: 87707a5eb60b7188dae09b52b088bff8ecfdb8edf8f344f3522ba958b2c0179c
SHA512: 40f4560365c41c9efb6de88f3157cee8de4ecd88acc5a4e02a2459aad4c95aec1289e457a24cdf6f66aca3c94f4d7ffcb2ac5f18ebc4ab79dffc6c9caa163741
SSDEEP: 12288:280gKe0A0PltOoPmL+uD417OMUhSSmNM:H0PltweM
Malware Config
Extracted
redline
Hack
154.17.165.178:10377
auth_value: 50233687e98ee274b44a32fcc741f9a4
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload 1 IoCs
Processes:
resource: behavioral1/memory/1724-54-0x0000000000D20000-0x0000000000D94000-memory.dmp
yara_rule: family_redline
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
process: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
description: Token: SeDebugPrivilege
pid: 1724