Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
02-03-2024 07:47
Behavioral task
behavioral1
Sample
1704-57-0x00000000021F0000-0x0000000002248000-memory.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1704-57-0x00000000021F0000-0x0000000002248000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1704-57-0x00000000021F0000-0x0000000002248000-memory.exe
-
Size
352KB
-
MD5
60a394b0193052497377571c2237b51b
-
SHA1
e47cd359118437322e6d143a488c0c53b5096c3c
-
SHA256
158b73a641365c775821b7a7f9650cc94e5cadc2fecf1ef1e8b0903cc18c8696
-
SHA512
c9946f8470b90aa277de5deb59160ec60a2e3c538bc8495d38baefb0e7691a6af66363fa9c5e08f09dec6681de29d81f91a888adc5b74eea01e2df460ff4e2e0
-
SSDEEP
3072:b4RkBhVcxIiIv07Ud2fd6nnaPTAs13BkLScan/mMUkAr1:1PVcJIc7WKE6UkA
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2368-0-0x0000000000B80000-0x0000000000BD8000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1704-57-0x00000000021F0000-0x0000000002248000-memory.exedescription pid process Token: SeDebugPrivilege 2368 1704-57-0x00000000021F0000-0x0000000002248000-memory.exe