redline | 7b091f239f9f3bbc9635610f92615a9300447de3f2fb8122d15ac4905f0ee160

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2023 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kp865946.exe
Size

415KB
MD5

21816a1a66b91fb16cc812a5f6195b95
SHA1

a22c8962e22f4918228fbdb06bbf3b941e994604
SHA256

7b091f239f9f3bbc9635610f92615a9300447de3f2fb8122d15ac4905f0ee160
SHA512

5ec5405b7af37444cdacbfc727cac4edd9c26018bcdf63192b292aaeb1e06be0cb11b080975287b80be4d9260f4cc1c6236d5d68e779f71bfcba197c7871c50f
SSDEEP

6144:8l+QF2f3V8Y1uxu72vBVyqUxWYYZUpVGO9/RzudNDd/EP1:8HF2f36uujhZU+dNx/E

Score

10^/10

redline infostealer stealer

Malware Config

Signatures

Detects Redline Stealer samples 1 IoCs

This rule detects the presence of Redline Stealer samples based on their unique strings.

stealer

resource	yara_rule
behavioral2/memory/3012-932-0x0000000007670000-0x0000000007C88000-memory.dmp	redline_stealer

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	kp865946.exe

C:\Users\Admin\AppData\Local\Temp\kp865946.exe
"C:\Users\Admin\AppData\Local\Temp\kp865946.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-134-0x0000000002230000-0x0000000002276000-memory.dmp

Filesize
280KB

Download
memory/3012-135-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/3012-136-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/3012-137-0x0000000004C40000-0x00000000051E4000-memory.dmp

Filesize
5.6MB

Download
memory/3012-138-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/3012-139-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-140-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-142-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-144-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-146-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-148-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-150-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-152-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-154-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-156-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-158-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-160-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-162-0x0000000002230000-0x0000000002276000-memory.dmp

Filesize
280KB

Download
memory/3012-163-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-165-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-167-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-171-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-173-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-169-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-175-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-177-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-179-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-181-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-183-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-185-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-187-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-189-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-191-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-193-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-195-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-197-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-199-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-201-0x0000000004B60000-0x0000000004B95000-memory.dmp

Filesize
212KB

Download
memory/3012-932-0x0000000007670000-0x0000000007C88000-memory.dmp

Filesize
6.1MB

Download
memory/3012-933-0x0000000007D10000-0x0000000007D22000-memory.dmp

Filesize
72KB

Download
memory/3012-934-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/3012-935-0x0000000007D30000-0x0000000007E3A000-memory.dmp

Filesize
1.0MB

Download
memory/3012-936-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/3012-938-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/3012-939-0x0000000007E60000-0x0000000007E9C000-memory.dmp

Filesize
240KB

Download
memory/3012-941-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads