redline | b69037a6cba7dddd7ec97a5af249e6776f0b432ef9ad04a825c9df0ced7f9d88

Analysis

max time kernel
287s
max time network
297s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 06:07

Target

b69037a6cba7dddd7ec97a5af249e6776f0b432ef9ad04a825c9df0ced7f9d88.exe
Size

221KB
MD5

4b8ccdb549d6490a90948fce3886c722
SHA1

fb09d13fa019a4316770e4ce8a845fa1aee9038c
SHA256

b69037a6cba7dddd7ec97a5af249e6776f0b432ef9ad04a825c9df0ced7f9d88
SHA512

9b3743b414ced47c0faa98720f776fd486b43318ea8095f789ff1436b7d5f04ffa5b8bb5f0c59b1aa50c61e670a07cdb1fbb0eea376b83832b79517620c03fa6
SSDEEP

3072:szf+F0odnFNgcnWYGO/2Fhp+Gt/qYLIkZ79F9tDonob8:IWF0CFNgcnhGO/Sj/3IkZxzFono

Score

10^/10

Family

redline

Botnet

sq1

185.254.37.67:20454

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/1652-1-0x0000000000B40000-0x0000000000B7E000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\b69037a6cba7dddd7ec97a5af249e6776f0b432ef9ad04a825c9df0ced7f9d88.exe
"C:\Users\Admin\AppData\Local\Temp\b69037a6cba7dddd7ec97a5af249e6776f0b432ef9ad04a825c9df0ced7f9d88.exe"
1⤵
PID:1652

memory/1652-0-0x000000007499E000-0x000000007499F000-memory.dmp

Filesize
4KB

Download
memory/1652-1-0x0000000000B40000-0x0000000000B7E000-memory.dmp

Filesize
248KB

Download
memory/1652-2-0x0000000074990000-0x000000007507E000-memory.dmp

Filesize
6.9MB

Download
memory/1652-3-0x000000007499E000-0x000000007499F000-memory.dmp

Filesize
4KB

Download
memory/1652-4-0x0000000074990000-0x000000007507E000-memory.dmp

Filesize
6.9MB

Download