Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02-03-2024 22:44
Behavioral task: behavioral1
Sample: 832-153-0x00000000047D0000-0x0000000004814000-memory.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 832-153-0x00000000047D0000-0x0000000004814000-memory.exe
Resource: win10v2004-20240226-en
General
Target: 832-153-0x00000000047D0000-0x0000000004814000-memory.exe
Size: 272KB
MD5: 2d3bbdaf334817bba9db22a9ed5f5e06
SHA1: 7b2720f843cc0f82b563fe895af5434c89236dce
SHA256: 62dcf64b0ab339365a012b3f61cb15406b057620753ba1d1bee1ab4d3702ed71
SHA512: e78a345b20b847048df96e3eea980fb4539da5e3ca4de24d826704593d0be26a6fb76d0c91cb649dab1e314a912ce6a029b8f6e2feeb2bf623f403c0c1f77d55
SSDEEP: 3072:96jYELp6VFxCCWosai9QFwNsmLo0gacrilo40OTkQhOEnISw+dvoxNn2pU9f2MKO:96j+GosvqFwtLo0yr3QhZnI
Malware Config
Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoC)
Processes:
resource | yara_rule
behavioral1/memory/2940-0-0x0000000001230000-0x0000000001274000-memory.dmp | family_redline

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: 832-153-0x00000000047D0000-0x0000000004814000-memory.exe
description | pid | process
Token: SeDebugPrivilege | 2940 | 832-153-0x00000000047D0000-0x0000000004814000-memory.exe