redline | 92cf7bd32bc8125a758cafd97fc06559994b57ed94f641f74f2da07de284aff3

Resubmissions

13-11-2023 22:04

231113-1yw23afg53 10

15-04-2022 07:01

220415-hs782adef5 10

Analysis

max time kernel
1189s
max time network
1197s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoInstall.exe
Size

1.8MB
MD5

d22dea0339065ec05cccf525b72a7b12
SHA1

fb73af59c4498f28ffd714d467551ec465b77d7d
SHA256

92cf7bd32bc8125a758cafd97fc06559994b57ed94f641f74f2da07de284aff3
SHA512

9b947179aac2233f83e24f5892aeeba2aa2240f5bf32d323395e712ae02844b04e56abbea16e6e7c34559b7a4ad5ab53a9049bf6eb2a31cbcb59be180dfde573
SSDEEP

49152:8LJyCp/gah3h6AS6UFfrHDu7kLNKxe1iuIy8EpDOPSFVF6:8Nb1V5S3rHDugLNKxAgiOPqi

Score

10^/10

redline @sdsaads2 infostealer

Malware Config

Extracted

Family

redline

Botnet

@SDSAads2

104.168.44.52:80

Attributes

auth_value
589d0e9314616e09f68efd12b2086ab8

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1764 set thread context of 4252	1764	AutoInstall.exe	89

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 4252	1764	AutoInstall.exe	89
PID 1764 wrote to memory of 4252	1764	AutoInstall.exe	89
PID 1764 wrote to memory of 4252	1764	AutoInstall.exe	89
PID 1764 wrote to memory of 4252	1764	AutoInstall.exe	89
PID 1764 wrote to memory of 4252	1764	AutoInstall.exe	89

C:\Users\Admin\AppData\Local\Temp\AutoInstall.exe
"C:\Users\Admin\AppData\Local\Temp\AutoInstall.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\GetClear.vsdx

Filesize
373KB

MD5
44baf247439d959cdcaa5905a74f8e1d

SHA1
d9fde365d234c1a420219e35e84454da681313cc

SHA256
9093af0de8a63c4c226443d5a7b1ba274dab97403435546d5897ddad5844bb64

SHA512
0dde1a974fb3f13041537f3ad8d39f14fe73b02c3406790af56169547ce6e61547acd8063f126496ae6c62f9871e2e8fa3f782820d913d52b1b9dc5194da9a4b

Download Submit
memory/1764-0-0x00000000005C0000-0x000000000079C000-memory.dmp

Filesize
1.9MB

Download
memory/1764-1-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download
memory/1764-3-0x00000000005C0000-0x000000000079C000-memory.dmp

Filesize
1.9MB

Download
memory/1764-7-0x0000000000E00000-0x0000000000F00000-memory.dmp

Filesize
1024KB

Download
memory/1764-13-0x00000000005C0000-0x000000000079C000-memory.dmp

Filesize
1.9MB

Download
memory/4252-16-0x0000000005930000-0x0000000005F48000-memory.dmp

Filesize
6.1MB

Download
memory/4252-15-0x0000000004DB0000-0x0000000004DC0000-memory.dmp

Filesize
64KB

Download
memory/4252-14-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/4252-17-0x0000000005900000-0x0000000005912000-memory.dmp

Filesize
72KB

Download
memory/4252-18-0x0000000007300000-0x000000000740A000-memory.dmp

Filesize
1.0MB

Download
memory/4252-19-0x0000000007230000-0x000000000726C000-memory.dmp

Filesize
240KB

Download
memory/4252-20-0x0000000005320000-0x000000000536C000-memory.dmp

Filesize
304KB

Download
memory/4252-21-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/4252-22-0x0000000004DB0000-0x0000000004DC0000-memory.dmp

Filesize
64KB

Download
memory/4252-6-0x0000000000600000-0x0000000000620000-memory.dmp

Filesize
128KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads