redline | 0cfa2bd206a874404bf7ee8f0afee5f64b512b8a598439e2c2effbcd4dd18b93

Analysis

max time kernel
141s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rk344672.exe
Size

341KB
MD5

88b1bb67fb1bfe19a716995edec097aa
SHA1

af1c148081dfba5d6a3d7c82628f370794501b7b
SHA256

0cfa2bd206a874404bf7ee8f0afee5f64b512b8a598439e2c2effbcd4dd18b93
SHA512

1eb466e0b4e6cb2a85bd5a95c44032cd09de8c379366a7b9a5e4b4053f136c43ee3892a3e3d3bf6cde8db28985a3c78c92a89c3655f0516bb1c9c58d1fc5a328
SSDEEP

6144:BYhZIJqcfqBbZVj2UVir0JNciLlhNcTy3mPY/1Fyj:qfUqcfqBzj28ir0JBh2qmQ/Pyj

Score

10^/10

redline infostealer stealer

Malware Config

Signatures

Detects Redline Stealer samples 1 IoCs

This rule detects the presence of Redline Stealer samples based on their unique strings.

stealer

resource	yara_rule
behavioral2/memory/3904-931-0x0000000007690000-0x0000000007CA8000-memory.dmp	redline_stealer

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3904	rk344672.exe

C:\Users\Admin\AppData\Local\Temp\rk344672.exe
"C:\Users\Admin\AppData\Local\Temp\rk344672.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3904-134-0x0000000002210000-0x0000000002256000-memory.dmp

Filesize
280KB

Download
memory/3904-135-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3904-136-0x0000000004D60000-0x0000000005304000-memory.dmp

Filesize
5.6MB

Download
memory/3904-137-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-140-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-138-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-142-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-144-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-146-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-148-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-150-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-152-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-154-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-156-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-158-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-160-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-162-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-164-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-166-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-168-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-170-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-172-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-174-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-176-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-180-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-178-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-182-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-184-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-186-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-188-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-190-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-192-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-194-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-196-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-199-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-198-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3904-202-0x0000000004BC0000-0x0000000004BF5000-memory.dmp

Filesize
212KB

Download
memory/3904-201-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3904-931-0x0000000007690000-0x0000000007CA8000-memory.dmp

Filesize
6.1MB

Download
memory/3904-932-0x0000000007D00000-0x0000000007D12000-memory.dmp

Filesize
72KB

Download
memory/3904-933-0x0000000007D20000-0x0000000007E2A000-memory.dmp

Filesize
1.0MB

Download
memory/3904-934-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3904-935-0x0000000007E40000-0x0000000007E7C000-memory.dmp

Filesize
240KB

Download
memory/3904-937-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3904-938-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3904-939-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads