redline | 8851a03fd1757c460d9d8fddd8841394aad3e6142db9998816488f736d6cf3b9

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/03/2023, 08:26

Target

2024-155-0x0000000002350000-0x0000000002394000-memory.exe
Size

272KB
MD5

007f752a0b34e4699e44ac193b985c3a
SHA1

236ff66ebbc6978960b5efceb8d9e79155720add
SHA256

8851a03fd1757c460d9d8fddd8841394aad3e6142db9998816488f736d6cf3b9
SHA512

166cc180f32ab6bcdca89fe222485190f4de7c869fbd30f3c4aba170c36919ad139e13b4b37db1f54a6a091c455f1955fede398245a34623350c022c73ef984a
SSDEEP

3072:J6j4ELN6FY9Cff3n0sk+wziR/o40DrNwAhFMnImax8EExNn2pU9f2MKTV/wi4lrO:J6jiD30sk+wzYZAhunI7x8

Score

10^/10

Family

redline

Botnet

mango

193.233.20.28:4125

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/1736-54-0x0000000000200000-0x0000000000244000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1736	2024-155-0x0000000002350000-0x0000000002394000-memory.exe

C:\Users\Admin\AppData\Local\Temp\2024-155-0x0000000002350000-0x0000000002394000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2024-155-0x0000000002350000-0x0000000002394000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1736

memory/1736-54-0x0000000000200000-0x0000000000244000-memory.dmp

Filesize
272KB

Download