redline | fb787607b521c23bd9f7c9235f383b5a58f0c14b86e9f754c8c06ee0c7c4dacd

Analysis

max time kernel
292s
max time network
299s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
18/09/2023, 01:34

Target

j1850751.exe
Size

393KB
MD5

515d22083483fb4fb2f5ca6455754723
SHA1

0c44ef2831de6999248610ed5a8869c5ff2b3db7
SHA256

fb787607b521c23bd9f7c9235f383b5a58f0c14b86e9f754c8c06ee0c7c4dacd
SHA512

29fac4649976c0481323577cbadf48eee06655d5bbf87da202ae0c4886d44d2528bd03531fa3e005402e840ee0d54484031a2a8a8f158532af076b0b4489f08a
SSDEEP

6144:facaGEZt20ZSwbz8+Dxe8kVAOYlQsNAH0ZnzInOrj6TZR9YKulbHSY1h8Ey:faFzZtT78Ti2QpP1h8Ey

Score

10^/10

Family

redline

Botnet

monik

77.91.124.82:19071

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1508 set thread context of 4556	1508	j1850751.exe	71

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71
PID 1508 wrote to memory of 4556	1508	j1850751.exe	71

C:\Users\Admin\AppData\Local\Temp\j1850751.exe
"C:\Users\Admin\AppData\Local\Temp\j1850751.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4556

memory/4556-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4556-4-0x00000000739A0000-0x000000007408E000-memory.dmp

Filesize
6.9MB

Download
memory/4556-5-0x00000000057F0000-0x00000000057F6000-memory.dmp

Filesize
24KB

Download
memory/4556-6-0x000000000EFC0000-0x000000000F5C6000-memory.dmp

Filesize
6.0MB

Download
memory/4556-7-0x000000000EB20000-0x000000000EC2A000-memory.dmp

Filesize
1.0MB

Download
memory/4556-9-0x000000000EA50000-0x000000000EA62000-memory.dmp

Filesize
72KB

Download
memory/4556-8-0x0000000007180000-0x0000000007190000-memory.dmp

Filesize
64KB

Download
memory/4556-10-0x000000000EAB0000-0x000000000EAEE000-memory.dmp

Filesize
248KB

Download
memory/4556-11-0x000000000EC30000-0x000000000EC7B000-memory.dmp

Filesize
300KB

Download
memory/4556-16-0x00000000739A0000-0x000000007408E000-memory.dmp

Filesize
6.9MB

Download
memory/4556-17-0x0000000007180000-0x0000000007190000-memory.dmp

Filesize
64KB

Download