Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
02-03-2024 18:36
Behavioral task
behavioral1
Sample
1520-140-0x00000000021E0000-0x0000000002224000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1520-140-0x00000000021E0000-0x0000000002224000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1520-140-0x00000000021E0000-0x0000000002224000-memory.exe
-
Size
272KB
-
MD5
380843e3cdaf96f9e6f2a7b20490356f
-
SHA1
aba40c51c81c589e79e0fa8e38af1c988c78b159
-
SHA256
70fdef8086838f3c9655df4c288a85eb0240a1f1cb1892b3f19bd3913b5d91be
-
SHA512
717865d6c7ccae2eaf747c9bdaefb365e4a9e880d95628a4b85c0c12e18897941c0f09798245e421ea1ff51152c167ea2b3737cb5cf7b0a1ef220d5879b842ba
-
SSDEEP
3072:J6j4ELN6FY9Cff3n0sk+wziR/o40DrNwAhFMnImax8EExNn2pU9f2MKTV/wi4lrO:J6jiD30sk+wzYZAhunI7x8
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/3028-0-0x00000000002D0000-0x0000000000314000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1520-140-0x00000000021E0000-0x0000000002224000-memory.exedescription pid process Token: SeDebugPrivilege 3028 1520-140-0x00000000021E0000-0x0000000002224000-memory.exe