Analysis
max time kernel: 34s
max time network: 35s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-05-2024 01:21
Static task: static1
Behavioral task: behavioral1
Sample: 003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c.exe
Resource: win10v2004-20240426-en
General
Target: 003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c.exe
Size: 345KB
MD5: 70f89fca6b4c567a01bb11bf35f6c97b
SHA1: 145d3fa79d4abb850be566f985ab8f5aa82b1007
SHA256: 003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c
SHA512: 2b24b525a66e7686929dbe4c6b1076818b65d0d9f6919d5e0f4599bc056f7d5c78b9b79b3f5e8c4f20f53e2be738f1d3128b6b137a0a2fce6a26e6e9b34071af
SSDEEP: 6144:aOuEAIGL/9jUxx8PNSjBM4/5lfKOGQ80sh3A7U1ZycH1ZJbmnOYBf:a1EtGj9jUPg25ggYUk9VZJbmOU
Malware Config
Extracted
Family: redline
Botnet: neruzki
C2: 193.106.191.22:47242
Attributes:
  auth_value: be14ae67c6dd227f622680a27ea42452
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (35 IoCs)
resource                                                                          yara_rule
behavioral1/memory/4484-5-0x00000000024C0000-0x000000000250C000-memory.dmp        family_redline
behavioral1/memory/4484-7-0x0000000002570000-0x00000000025B8000-memory.dmp        family_redline
behavioral1/memory/4484-67-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-71-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-69-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-65-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-64-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-61-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-59-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-57-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-53-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-51-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-49-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-45-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-43-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-39-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-37-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-33-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-31-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-27-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-25-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-23-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-19-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-11-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-9-0x0000000002570000-0x00000000025B4000-memory.dmp        family_redline
behavioral1/memory/4484-55-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-47-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-41-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-35-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-29-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-21-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-17-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-15-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-13-0x0000000002570000-0x00000000025B4000-memory.dmp       family_redline
behavioral1/memory/4484-8-0x0000000002570000-0x00000000025B4000-memory.dmp        family_redline

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description               pid    Process
Token: SeDebugPrivilege   4484   003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c.exe