Analysis
max time kernel: 83s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-02-2023 00:24
Behavioral task behavioral1
Sample: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Resource: win7-20230220-en
Behavioral task behavioral2
Sample: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Size: 464KB
MD5: cb1efe2022646e7fcc0bfa66aaae1325
SHA1: c75385ab2ac3573015ebbec4992cf5785208f095
SHA256: 87707a5eb60b7188dae09b52b088bff8ecfdb8edf8f344f3522ba958b2c0179c
SHA512: 40f4560365c41c9efb6de88f3157cee8de4ecd88acc5a4e02a2459aad4c95aec1289e457a24cdf6f66aca3c94f4d7ffcb2ac5f18ebc4ab79dffc6c9caa163741
SSDEEP: 12288:280gKe0A0PltOoPmL+uD417OMUhSSmNM:H0PltweM
Malware Config
Extracted
Family: redline
Botnet: Hack
C2: 154.17.165.178:10377
auth_value: 50233687e98ee274b44a32fcc741f9a4
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoC)
resource: behavioral2/memory/980-133-0x0000000000430000-0x00000000004A4000-memory.dmp, yara_rule: family_redline
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege, pid: 980, process: 684-3130-0x00000000026C0000-0x0000000002734000-memory.exe (the sample enabled SeDebugPrivilege in its own token)
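The following triage helper is an added example and is not part of the sandbox report or of the sandbox's own tooling. It takes the IoCs listed in the report above (the four file hashes, the C2 endpoint and the auth_value) and does the two checks an analyst usually wants before acting on a report: confirm that a local copy of the sample really is the file the report describes, and search a memory dump for the extracted C2 and auth_value both as ASCII and as UTF-16LE (RedLine is a .NET binary, so its in-memory strings are normally UTF-16LE). It also emits a Suricata rule for the C2 endpoint; the SID used there is a hypothetical local-rule number, and the byte buffer in the test is constructed, not the real dump.

```python
"""Added example: verify a RedLine sample against the report and hunt its IoCs in a dump."""
import hashlib
import re

# IoCs copied from the report above (hashes, C2 endpoint, auth_value).
REPORT_HASHES = {
    "md5": "cb1efe2022646e7fcc0bfa66aaae1325",
    "sha1": "c75385ab2ac3573015ebbec4992cf5785208f095",
    "sha256": "87707a5eb60b7188dae09b52b088bff8ecfdb8edf8f344f3522ba958b2c0179c",
    "sha512": "40f4560365c41c9efb6de88f3157cee8de4ecd88acc5a4e02a2459aad4c95aec"
              "1289e457a24cdf6f66aca3c94f4d7ffcb2ac5f18ebc4ab79dffc6c9caa163741",
}
C2 = "154.17.165.178:10377"
AUTH_VALUE = "50233687e98ee274b44a32fcc741f9a4"


def verify_hashes(data: bytes, expected=REPORT_HASHES) -> dict:
    """Return {algorithm: matches_report} for every hash the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


def _patterns(value: str) -> dict:
    """Byte patterns for one IoC in the two encodings a .NET process will hold it in."""
    return {
        "ascii": re.escape(value.encode("ascii")),
        "utf-16le": re.escape(value.encode("utf-16-le")),
    }


def find_iocs(blob: bytes, values=(C2, AUTH_VALUE)) -> list:
    """Return (ioc, encoding, offset) for every occurrence of each IoC in blob."""
    hits = []
    for value in values:
        for enc, pat in _patterns(value).items():
            for m in re.finditer(pat, blob):
                hits.append((value, enc, m.start()))
    return sorted(hits, key=lambda h: h[2])


def split_endpoint(c2: str) -> tuple:
    """'host:port' -> (host, port); rpartition keeps IPv6-style hosts intact."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def suricata_rule(c2: str = C2, sid: int = 1000001) -> str:
    """Alert on any outbound TCP connection to the C2 (sid is a hypothetical local number)."""
    host, port = split_endpoint(c2)
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 connection {c2}"; flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    import sys
    # Usage: python redline_triage.py <sample_or_memory_dump>
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    for algo, ok in verify_hashes(data).items():
        print(f"{algo}: {'matches report' if ok else 'MISMATCH'}")
    for ioc, enc, off in find_iocs(data):
        print(f"{ioc} ({enc}) at offset 0x{off:x}")
    print(suricata_rule())
```

Run it once against the sample to confirm the hashes, then against the memory dump from the Downloads section: a hit for the C2 in UTF-16LE is the expected signal, since that is how the .NET runtime stores the decoded string, while an ASCII hit usually means the value was also present in a base64-decoded buffer or a debug log.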
Downloads
memory/980-133-0x0000000000430000-0x00000000004A4000-memory.dmp (Filesize: 464KB)