redline | 1f8cd2662ec9b5e249c79a0bf4b03e6f584794a9ac087be7f8b257f7f813bb84

Analysis

max time kernel
137s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2023, 19:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.exe
Size

3.9MB
MD5

52430366ded3db6cc20919d2ca3f315c
SHA1

fea75632f000afcb45d25a7f4c623ccaa72d17db
SHA256

1f8cd2662ec9b5e249c79a0bf4b03e6f584794a9ac087be7f8b257f7f813bb84
SHA512

4fd8cfd21d5a4954e8fbc67d2aa4d08d532485a35d1a924a2f084da60de829cc3f32cd7726c8cf2ea8e3cf716c8c18336cf5286508b93a6da2037c5f63c29597
SSDEEP

98304:ezXXqjn5ie+xlo0+at12K39nFzBoJL7KGue3zN484Mwo6jy5R0oHU93Gz+:ezXXqjncxlo0+S1FzBoZ2Ve3J45xm5RO

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

185.200.191.18:80

Attributes

auth_value
470ee96cae88bc7ec6439074338e8e8b

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/4592-147-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 452 set thread context of 4592	452	sample.exe	87

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4592	452	sample.exe	87
PID 452 wrote to memory of 4592	452	sample.exe	87
PID 452 wrote to memory of 4592	452	sample.exe	87
PID 452 wrote to memory of 4592	452	sample.exe	87
PID 452 wrote to memory of 4592	452	sample.exe	87

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/452-140-0x0000000000400000-0x0000000000A1A000-memory.dmp

Filesize
6.1MB

Download
memory/452-133-0x0000000000400000-0x0000000000A1A000-memory.dmp

Filesize
6.1MB

Download
memory/452-136-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/452-135-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/452-139-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/452-138-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/452-137-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/452-141-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/452-134-0x00000000027B0000-0x0000000002810000-memory.dmp

Filesize
384KB

Download
memory/452-152-0x0000000000400000-0x0000000000A1A000-memory.dmp

Filesize
6.1MB

Download
memory/4592-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4592-153-0x0000000005B80000-0x0000000006198000-memory.dmp

Filesize
6.1MB

Download
memory/4592-154-0x0000000005620000-0x0000000005632000-memory.dmp

Filesize
72KB

Download
memory/4592-155-0x0000000005750000-0x000000000585A000-memory.dmp

Filesize
1.0MB

Download
memory/4592-156-0x0000000005680000-0x00000000056BC000-memory.dmp

Filesize
240KB

Download
memory/4592-157-0x0000000005980000-0x0000000005990000-memory.dmp

Filesize
64KB

Download
memory/4592-158-0x0000000005980000-0x0000000005990000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads