redline | 048b6a1e8e6e5a162ee03ffebec10b4811f315b1655086eae04ace9efaebb5eb

Analysis

max time kernel
151s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2023, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kp232100.exe
Size

459KB
MD5

4b27e573c9d63a0929c243d80ff035f0
SHA1

945f8a0a959233ec26eef307b7600d83041d484a
SHA256

048b6a1e8e6e5a162ee03ffebec10b4811f315b1655086eae04ace9efaebb5eb
SHA512

9851a813c3e8dd09ecbf5264d7491e84baac1597e347d5c0c4d09b68cfcf83d42b25a526b794f096e42dc2f2a6031abd268109dcdd9913f23020f3aebfd6d33a
SSDEEP

12288:W6ivt/yNFh9n/ZR/UCIk9zsBtLXO+DUt:WTvt/y9N/Dcy0LXJDM

Score

10^/10

redline infostealer stealer

Malware Config

Signatures

Detects Redline Stealer samples 1 IoCs

This rule detects the presence of Redline Stealer samples based on their unique strings.

stealer

resource	yara_rule
behavioral2/memory/1944-933-0x0000000007AA0000-0x00000000080B8000-memory.dmp	redline_stealer

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	kp232100.exe

C:\Users\Admin\AppData\Local\Temp\kp232100.exe
"C:\Users\Admin\AppData\Local\Temp\kp232100.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-134-0x0000000000400000-0x0000000000817000-memory.dmp

Filesize
4.1MB

Download
memory/1944-135-0x0000000002560000-0x00000000025A6000-memory.dmp

Filesize
280KB

Download
memory/1944-137-0x0000000005070000-0x0000000005614000-memory.dmp

Filesize
5.6MB

Download
memory/1944-138-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1944-139-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1944-140-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-141-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-143-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-145-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-147-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-149-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-151-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-153-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-155-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-157-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-159-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-161-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-163-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-165-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-167-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-169-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-171-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-173-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-175-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-177-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-179-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-181-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-183-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-185-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-187-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-189-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-191-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-193-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-195-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-197-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-199-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-201-0x0000000004F30000-0x0000000004F65000-memory.dmp

Filesize
212KB

Download
memory/1944-933-0x0000000007AA0000-0x00000000080B8000-memory.dmp

Filesize
6.1MB

Download
memory/1944-934-0x00000000080C0000-0x00000000080D2000-memory.dmp

Filesize
72KB

Download
memory/1944-935-0x00000000080E0000-0x00000000081EA000-memory.dmp

Filesize
1.0MB

Download
memory/1944-936-0x00000000081F0000-0x000000000822C000-memory.dmp

Filesize
240KB

Download
memory/1944-937-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1944-938-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1944-939-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1944-941-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads