redline | 02f93b19abcb1cbe45ed712fca6d0a12003d4773ae2542e6e0c6beef72f893f0

Analysis

max time kernel
142s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

kp160132.exe
Size

341KB
MD5

e19fc45bbf4f45641107932fd33f3902
SHA1

34a086b99939cbb7884e7e3e14828cbe2c3051fd
SHA256

02f93b19abcb1cbe45ed712fca6d0a12003d4773ae2542e6e0c6beef72f893f0
SHA512

d6884f90ab8936bfe05228f6e0b0607b808dc55b48690794b973d34bde0e7a2ed68ea903a18c9add8b362d42623e3273fae97d56fde93f9e9131d80cfda0b37c
SSDEEP

6144:4PvSpHugNiXhqlniIVdUNg9LcR6IbPByGEJB5/xgf2g2T:4PvSQqlniIVdUN0cRjbPB6Bx8I

Score

10^/10

redline infostealer stealer

Malware Config

Signatures

Detects Redline Stealer samples 1 IoCs

This rule detects the presence of Redline Stealer samples based on their unique strings.

stealer

resource	yara_rule
behavioral2/memory/4804-931-0x0000000009E20000-0x000000000A438000-memory.dmp	redline_stealer

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	kp160132.exe

C:\Users\Admin\AppData\Local\Temp\kp160132.exe
"C:\Users\Admin\AppData\Local\Temp\kp160132.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4804-134-0x00000000047B0000-0x00000000047F6000-memory.dmp

Filesize
280KB

Download
memory/4804-135-0x00000000073F0000-0x0000000007994000-memory.dmp

Filesize
5.6MB

Download
memory/4804-136-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-137-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-138-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-139-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-140-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-142-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-144-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-146-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-148-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-150-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-152-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-154-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-156-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-158-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-160-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-162-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-168-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-166-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-164-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-170-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-172-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-176-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-174-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-178-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-180-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-182-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-184-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-186-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-188-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-190-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-192-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-194-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-196-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-198-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-200-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-202-0x00000000072C0000-0x00000000072F5000-memory.dmp

Filesize
212KB

Download
memory/4804-931-0x0000000009E20000-0x000000000A438000-memory.dmp

Filesize
6.1MB

Download
memory/4804-932-0x000000000A440000-0x000000000A452000-memory.dmp

Filesize
72KB

Download
memory/4804-933-0x000000000A460000-0x000000000A56A000-memory.dmp

Filesize
1.0MB

Download
memory/4804-934-0x000000000A580000-0x000000000A5BC000-memory.dmp

Filesize
240KB

Download
memory/4804-935-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-937-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-938-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-939-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/4804-940-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads