Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
28-03-2023 04:24
Behavioral task
behavioral1
Sample
1940-149-0x0000000003620000-0x0000000003664000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1940-149-0x0000000003620000-0x0000000003664000-memory.exe
Resource
win10v2004-20230221-en
General
-
Target
1940-149-0x0000000003620000-0x0000000003664000-memory.exe
-
Size
272KB
-
MD5
a50a97323b5413175f15e0e10be90f32
-
SHA1
0a0ac05e8d900ad3d449bf48658fd398979895c1
-
SHA256
6c7f5c7d0b8d111b6a034bc92baf8d0aa049593149a54b8f79a41cb9be3b078e
-
SHA512
395047b6961a56391460aede0e4e4ec9c1b8bd021f00a7be4485ef4611260d410a9273c071a987f821820b5e4855932ed77a84458be04c3cc5b214044f5df264
-
SSDEEP
3072:/z6jYELL6VXXCG/SyVXtwkw/em3EvLc9Cao40VBaw8hUJnSVJBb7xNn2pU9f2MK2:/z6jU1KyZtwLe2EvLcSJ8hinSVJBzK+
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1692-54-0x0000000001140000-0x0000000001184000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1940-149-0x0000000003620000-0x0000000003664000-memory.exedescription pid process Token: SeDebugPrivilege 1692 1940-149-0x0000000003620000-0x0000000003664000-memory.exe