redline | 3251aadd8eaff5a07bc0d59b09902d15d962cb83d8dd6ab9ab3fc5edd550ed22

Analysis

max time kernel
133s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 23:00

Target

bd07a2728f0a5c4a971125e51830b459.exe
Size

1.2MB
MD5

bd07a2728f0a5c4a971125e51830b459
SHA1

c600264ed42ecc69106ea463a4ca11094aa31519
SHA256

3251aadd8eaff5a07bc0d59b09902d15d962cb83d8dd6ab9ab3fc5edd550ed22
SHA512

174cadaa4daf9e24ba687ec8e319de88fbebde30989998be3b841ad7382379ce6ce9ab4aad5996e424fb4b05cf9122ecb63b71b15e925914707176b5c207c5ef
SSDEEP

24576:GZWIO2Pix0ih5nK0ghpYMuV0alV0awzLHL:GcuihJgLYMX9n

Score

10^/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2312-5-0x00000000010D0000-0x0000000001110000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2312	bd07a2728f0a5c4a971125e51830b459.exe

C:\Users\Admin\AppData\Local\Temp\bd07a2728f0a5c4a971125e51830b459.exe
"C:\Users\Admin\AppData\Local\Temp\bd07a2728f0a5c4a971125e51830b459.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2312

memory/2312-0-0x0000000001160000-0x00000000012A4000-memory.dmp

Filesize
1.3MB

Download
memory/2312-1-0x0000000074B20000-0x000000007520E000-memory.dmp

Filesize
6.9MB

Download
memory/2312-2-0x00000000010D0000-0x0000000001110000-memory.dmp

Filesize
256KB

Download
memory/2312-3-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2312-4-0x0000000074B20000-0x000000007520E000-memory.dmp

Filesize
6.9MB

Download
memory/2312-5-0x00000000010D0000-0x0000000001110000-memory.dmp

Filesize
256KB

Download