Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
04-03-2024 07:54
Behavioral task
behavioral1
Sample
1692-124-0x00000000024A0000-0x00000000024E4000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1692-124-0x00000000024A0000-0x00000000024E4000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1692-124-0x00000000024A0000-0x00000000024E4000-memory.exe
-
Size
272KB
-
MD5
3b6d39548ba67d45edeb400ba18d6389
-
SHA1
7b582410567c905fcc07dd934fc259bfe8172644
-
SHA256
2760b509de454478b99ef4b96af92c2b9bbce3ca0a30684284ba1afc3f5c8333
-
SHA512
d0fda38a71bd8177260e54a096f2b5420d4f12383b06e5098f551c27cc6a723ca768d786c69f4bac830d6cd2ff7fbc39cf6a4ae78463c37065405c7d1d939a6b
-
SSDEEP
6144:/z6jU1KyZtwLe2EvLcSJ8hinSVJB3LjR3:GIKqmQQs88nsbj1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2112-0-0x00000000011C0000-0x0000000001204000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1692-124-0x00000000024A0000-0x00000000024E4000-memory.exedescription pid process Token: SeDebugPrivilege 2112 1692-124-0x00000000024A0000-0x00000000024E4000-memory.exe