redline | 70fdef8086838f3c9655df4c288a85eb0240a1f1cb1892b3f19bd3913b5d91be

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-03-2024 18:36

Target

1520-140-0x00000000021E0000-0x0000000002224000-memory.exe
Size

272KB
MD5

380843e3cdaf96f9e6f2a7b20490356f
SHA1

aba40c51c81c589e79e0fa8e38af1c988c78b159
SHA256

70fdef8086838f3c9655df4c288a85eb0240a1f1cb1892b3f19bd3913b5d91be
SHA512

717865d6c7ccae2eaf747c9bdaefb365e4a9e880d95628a4b85c0c12e18897941c0f09798245e421ea1ff51152c167ea2b3737cb5cf7b0a1ef220d5879b842ba
SSDEEP

3072:J6j4ELN6FY9Cff3n0sk+wziR/o40DrNwAhFMnImax8EExNn2pU9f2MKTV/wi4lrO:J6jiD30sk+wzYZAhunI7x8

Score

10^/10

Family

redline

Botnet

mango

193.233.20.28:4125

Attributes

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3028-0-0x00000000002D0000-0x0000000000314000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1520-140-0x00000000021E0000-0x0000000002224000-memory.exe

description pid process

Token: SeDebugPrivilege 3028 1520-140-0x00000000021E0000-0x0000000002224000-memory.exe

description	pid	process
Token: SeDebugPrivilege	3028	1520-140-0x00000000021E0000-0x0000000002224000-memory.exe

C:\Users\Admin\AppData\Local\Temp\1520-140-0x00000000021E0000-0x0000000002224000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1520-140-0x00000000021E0000-0x0000000002224000-memory.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028

memory/3028-0-0x00000000002D0000-0x0000000000314000-memory.dmp

Filesize
272KB

Download
memory/3028-1-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/3028-2-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download