redline | c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7

Analysis

max time kernel
18s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 08:39

Target

tmp.exe
Size

2.2MB
MD5

b1087aa5a1a538d7ee3bd9c3b774bb38
SHA1

0842a7d8905be9dbe06f9b2bd7376f33373af246
SHA256

c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7
SHA512

46aec87f752382ec9a5ce6f45af70ab54ae3fe158cd2084b27ca55d8224c83417c8a13091648b4b1ffdbf76f2b88ffa0424a76d3619c3516645e70b0c6969cb6
SSDEEP

24576:EQ1OwhF5/u7S/OiUVkcOpckjLDSvWrtaG2cskcA8AvuyLdk0JdQGwct28MENdhX2:DMwP5/u79ScOqkjqOrnq29QFxa

Score

10^/10

Family

redline

Botnet

Legaa

185.172.128.33:38294

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/548-4-0x0000000001200000-0x0000000001252000-memory.dmp	family_redline

Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 4232 set thread context of 548 4232 tmp.exe jsc.exe

description	pid	process	target process
PID 4232 set thread context of 548	4232	tmp.exe	jsc.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 4232 wrote to memory of 548	4232	tmp.exe	jsc.exe
PID 4232 wrote to memory of 548	4232	tmp.exe	jsc.exe
PID 4232 wrote to memory of 548	4232	tmp.exe	jsc.exe
PID 4232 wrote to memory of 548	4232	tmp.exe	jsc.exe
PID 4232 wrote to memory of 548	4232	tmp.exe	jsc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
2⤵
PID:548

memory/548-10-0x0000000005800000-0x000000000580A000-memory.dmp

Filesize
40KB

Download
memory/548-14-0x0000000005B80000-0x0000000005BBC000-memory.dmp

Filesize
240KB

Download
memory/548-6-0x0000000074B80000-0x0000000075330000-memory.dmp

Filesize
7.7MB

Download
memory/548-8-0x0000000005740000-0x00000000057D2000-memory.dmp

Filesize
584KB

Download
memory/548-7-0x0000000005C00000-0x00000000061A4000-memory.dmp

Filesize
5.6MB

Download
memory/548-9-0x0000000005980000-0x0000000005990000-memory.dmp

Filesize
64KB

Download
memory/548-4-0x0000000001200000-0x0000000001252000-memory.dmp

Filesize
328KB

Download
memory/548-13-0x0000000005920000-0x0000000005932000-memory.dmp

Filesize
72KB

Download
memory/548-18-0x0000000074B80000-0x0000000075330000-memory.dmp

Filesize
7.7MB

Download
memory/548-15-0x00000000061B0000-0x00000000061FC000-memory.dmp

Filesize
304KB

Download
memory/548-12-0x00000000062C0000-0x00000000063CA000-memory.dmp

Filesize
1.0MB

Download
memory/548-11-0x00000000067D0000-0x0000000006DE8000-memory.dmp

Filesize
6.1MB

Download
memory/548-16-0x0000000006440000-0x00000000064A6000-memory.dmp

Filesize
408KB

Download
memory/548-17-0x0000000007340000-0x0000000007390000-memory.dmp

Filesize
320KB

Download
memory/4232-5-0x00007FF688870000-0x00007FF688B05000-memory.dmp

Filesize
2.6MB

Download