redline | 38e82c29e3e65f853e87c029cfc5cb2a567ee9ec6e732196d3cab5e1737f195c

Analysis

max time kernel
140s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 18:09

Target

0x00090000000123016566.exe
Size

168KB
MD5

8153a945112d95fcb4563fde67ea4999
SHA1

133f4c1c66cf7a22373c8b35fd55297ed32bdf11
SHA256

38e82c29e3e65f853e87c029cfc5cb2a567ee9ec6e732196d3cab5e1737f195c
SHA512

5ce2b95e279822f442d0da9a588c2e940e114cc82dec6a74cd91c28317c67be536d61cf4792c351a68ed50f59797e982b4139cc623d833606c31e2e6295c0ea3
SSDEEP

1536:ncJK7qlVZRGW4XqrozC3iGOmE+lrcI2nBCTGqV8buV+jys0ausT83wYk98e8he:nc4VVzxNf3qV0/yNausTb8e8he

Score

10^/10

Family

redline

Botnet

life

185.161.248.73:4164

Attributes

Detects Redline Stealer samples 1 IoCs

This rule detects the presence of Redline Stealer samples based on their unique strings.

Processes:

resource	yara_rule
behavioral2/memory/4284-134-0x0000000005A00000-0x0000000006018000-memory.dmp	redline_stealer

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

C:\Users\Admin\AppData\Local\Temp\0x00090000000123016566.exe
"C:\Users\Admin\AppData\Local\Temp\0x00090000000123016566.exe"
1⤵
PID:4284

memory/4284-133-0x00000000009C0000-0x00000000009EE000-memory.dmp

Filesize
184KB

Download
memory/4284-134-0x0000000005A00000-0x0000000006018000-memory.dmp

Filesize
6.1MB

Download
memory/4284-135-0x00000000054F0000-0x00000000055FA000-memory.dmp

Filesize
1.0MB

Download
memory/4284-136-0x0000000005420000-0x0000000005432000-memory.dmp

Filesize
72KB

Download
memory/4284-137-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/4284-138-0x0000000005480000-0x00000000054BC000-memory.dmp

Filesize
240KB

Download
memory/4284-139-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download