redline | 7fb765d89eb0d387a8779d897f320b0309f0bf93acdc96cc8b155878bee7ceb9

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/03/2023, 01:41

Target

3364-173-0x0000000005250000-0x00000000052A2000-memory.exe
Size

328KB
MD5

8f82890c44aff4427084a164a8708bbc
SHA1

8d38d7dde13a6f1fe72c4a281c54c72aa6308cce
SHA256

7fb765d89eb0d387a8779d897f320b0309f0bf93acdc96cc8b155878bee7ceb9
SHA512

13760e7927fd6da51289a5b842905208262786972941bf04377e52c9ba967e04393259f23f116b30eee7ece64207dab47a8cfd5bb3370e6a892c6c832720eddb
SSDEEP

3072:/4JS+yL3KN09yt41ScYumzdnnrsp04O4/eZJNfiALSrBdn5xkArN:syLaN09y7cYumzt0yU3kA

Score

10^/10

Family

redline

Botnet

ROBER

138.201.195.134:15564

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/1408-54-0x0000000000AE0000-0x0000000000B38000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1408	3364-173-0x0000000005250000-0x00000000052A2000-memory.exe

C:\Users\Admin\AppData\Local\Temp\3364-173-0x0000000005250000-0x00000000052A2000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\3364-173-0x0000000005250000-0x00000000052A2000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408

memory/1408-54-0x0000000000AE0000-0x0000000000B38000-memory.dmp

Filesize
352KB

Download