redline | 2da73bff9624b981e8bedce6cb13d4593eaf758f70bd2ece15dde5ffc6fda065

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2023 22:56

Target

FortHack.exe
Size

2.5MB
MD5

c4d460b4f7da75c7db76347d8de50093
SHA1

d9e250bee98b5d46e6929c6df3c129aa94ca2a40
SHA256

2da73bff9624b981e8bedce6cb13d4593eaf758f70bd2ece15dde5ffc6fda065
SHA512

9fc9fe17ffb5631fd01328bfe9f02f897808cda30969616d279346b2b69c3982858bd36657c5c2b725c934e1350118ca55026c91937e8ee7b540482ca1992333
SSDEEP

24576:2AaodXP6bRPbWYhYOxlwvBVMT+dLEEuoi/GPCOPv1cmd5LZRiI1l3RuQ55313A:28dfiRPe9ShOH1cmd5aI1l3i

Score

10^/10

Family

redline

Botnet

@quppie2000

193.233.193.15:27469

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral2/memory/188080-133-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline
behavioral2/memory/2240-138-0x0000000000400000-0x0000000000573000-memory.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2240 set thread context of 188080	2240	FortHack.exe	83

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 188080	2240	FortHack.exe	83
PID 2240 wrote to memory of 188080	2240	FortHack.exe	83
PID 2240 wrote to memory of 188080	2240	FortHack.exe	83
PID 2240 wrote to memory of 188080	2240	FortHack.exe	83
PID 2240 wrote to memory of 188080	2240	FortHack.exe	83

C:\Users\Admin\AppData\Local\Temp\FortHack.exe
"C:\Users\Admin\AppData\Local\Temp\FortHack.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:188080

memory/2240-138-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/188080-133-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/188080-139-0x0000000005610000-0x0000000005C28000-memory.dmp

Filesize
6.1MB

Download
memory/188080-140-0x0000000005060000-0x0000000005072000-memory.dmp

Filesize
72KB

Download
memory/188080-141-0x0000000005190000-0x000000000529A000-memory.dmp

Filesize
1.0MB

Download
memory/188080-142-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download
memory/188080-143-0x00000000050C0000-0x00000000050FC000-memory.dmp

Filesize
240KB

Download
memory/188080-144-0x0000000005130000-0x0000000005140000-memory.dmp

Filesize
64KB

Download