redline | 639722b6340d2aefe6bec6cf9a2e5d47f69e46d794a9336bd9fde3f5c2c357f0

Analysis

max time kernel
136s
max time network
149s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 17:13

Target

j8930172.exe
Size

405KB
MD5

15e6ccca9ec2cdb3f98d29939293afa6
SHA1

f921d6e690c9b154efa1ec37baa24526ef79f12f
SHA256

639722b6340d2aefe6bec6cf9a2e5d47f69e46d794a9336bd9fde3f5c2c357f0
SHA512

853640befc288663f71148ec880b4c0338a0b24cd42b92512671284e79588d8f1df883b8ddc187813b4c56c9efd042bb51c528176b3a2ef58e085b36e55120ba
SSDEEP

6144:G0vJm09zORs+z/TMify9DAOVoQDmQ9WD+JcbK+UgLqc+t1FZX8/:Gcw09CK5N4t8Js5MF8/

Score

10^/10

Family

redline

Botnet

monik

77.91.124.82:19071

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2100 set thread context of 2688	2100	j8930172.exe	30

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 2364	2100	j8930172.exe	28
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 3036	2100	j8930172.exe	29
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30
PID 2100 wrote to memory of 2688	2100	j8930172.exe	30

C:\Users\Admin\AppData\Local\Temp\j8930172.exe
"C:\Users\Admin\AppData\Local\Temp\j8930172.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2364
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3036
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2688

memory/2688-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-1-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-2-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-3-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-4-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2688-5-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-7-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-9-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-10-0x0000000073DE0000-0x00000000744CE000-memory.dmp

Filesize
6.9MB

Download
memory/2688-11-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download
memory/2688-12-0x0000000000960000-0x00000000009A0000-memory.dmp

Filesize
256KB

Download
memory/2688-13-0x0000000073DE0000-0x00000000744CE000-memory.dmp

Filesize
6.9MB

Download
memory/2688-14-0x0000000000960000-0x00000000009A0000-memory.dmp

Filesize
256KB

Download