redline | 62dcf64b0ab339365a012b3f61cb15406b057620753ba1d1bee1ab4d3702ed71

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-03-2024 22:44

Target

832-153-0x00000000047D0000-0x0000000004814000-memory.exe
Size

272KB
MD5

2d3bbdaf334817bba9db22a9ed5f5e06
SHA1

7b2720f843cc0f82b563fe895af5434c89236dce
SHA256

62dcf64b0ab339365a012b3f61cb15406b057620753ba1d1bee1ab4d3702ed71
SHA512

e78a345b20b847048df96e3eea980fb4539da5e3ca4de24d826704593d0be26a6fb76d0c91cb649dab1e314a912ce6a029b8f6e2feeb2bf623f403c0c1f77d55
SSDEEP

3072:96jYELp6VFxCCWosai9QFwNsmLo0gacrilo40OTkQhOEnISw+dvoxNn2pU9f2MKO:96j+GosvqFwtLo0yr3QhZnI

Score

10^/10

Family

redline

Botnet

gena

193.233.20.30:4125

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2940-0-0x0000000001230000-0x0000000001274000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

832-153-0x00000000047D0000-0x0000000004814000-memory.exe

description pid process

Token: SeDebugPrivilege 2940 832-153-0x00000000047D0000-0x0000000004814000-memory.exe

description	pid	process
Token: SeDebugPrivilege	2940	832-153-0x00000000047D0000-0x0000000004814000-memory.exe

C:\Users\Admin\AppData\Local\Temp\832-153-0x00000000047D0000-0x0000000004814000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\832-153-0x00000000047D0000-0x0000000004814000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2940

memory/2940-0-0x0000000001230000-0x0000000001274000-memory.dmp

Filesize
272KB

Download
memory/2940-1-0x00000000749E0000-0x00000000750CE000-memory.dmp

Filesize
6.9MB

Download
memory/2940-2-0x00000000749E0000-0x00000000750CE000-memory.dmp

Filesize
6.9MB

Download