redline | f1d2be083b63e9fa0fed9dbc812c3ef01f20eecb07455667cb1f55b4309ec1fe

Analysis

max time kernel
292s
max time network
301s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
18/09/2023, 01:37

Target

j9790118.exe
Size

393KB
MD5

c0f6a8667723b11757a4791711e37e2f
SHA1

fca32cb74a6190cd0c930324fc42866594953855
SHA256

f1d2be083b63e9fa0fed9dbc812c3ef01f20eecb07455667cb1f55b4309ec1fe
SHA512

26a98a254005f67b2b5d68ddaa68d79c962c7459afc66d359b634b5066765ff04ad1bdc3871fae3c1b6f7da6ef4afd93c0a1219b965fab303a64d8a9cf86a889
SSDEEP

6144:JBQcaGEZt20ZSwbz8+Dxe8kVAO6loOY8x11sOZRtfCjuih8Ey:JaFzZtT78TUJY8xDdRtfCjuih8Ey

Score

10^/10

Family

redline

Botnet

monik

77.91.124.82:19071

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4716 set thread context of 3332	4716	j9790118.exe	71

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71
PID 4716 wrote to memory of 3332	4716	j9790118.exe	71

C:\Users\Admin\AppData\Local\Temp\j9790118.exe
"C:\Users\Admin\AppData\Local\Temp\j9790118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3332

memory/3332-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3332-4-0x0000000073860000-0x0000000073F4E000-memory.dmp

Filesize
6.9MB

Download
memory/3332-5-0x0000000007140000-0x0000000007146000-memory.dmp

Filesize
24KB

Download
memory/3332-6-0x000000000F1B0000-0x000000000F7B6000-memory.dmp

Filesize
6.0MB

Download
memory/3332-7-0x000000000ECC0000-0x000000000EDCA000-memory.dmp

Filesize
1.0MB

Download
memory/3332-9-0x0000000009710000-0x0000000009720000-memory.dmp

Filesize
64KB

Download
memory/3332-8-0x000000000EBF0000-0x000000000EC02000-memory.dmp

Filesize
72KB

Download
memory/3332-10-0x000000000EC50000-0x000000000EC8E000-memory.dmp

Filesize
248KB

Download
memory/3332-11-0x000000000EDD0000-0x000000000EE1B000-memory.dmp

Filesize
300KB

Download
memory/3332-16-0x0000000073860000-0x0000000073F4E000-memory.dmp

Filesize
6.9MB

Download
memory/3332-17-0x0000000009710000-0x0000000009720000-memory.dmp

Filesize
64KB

Download