redline | 9eff518a31a5ca6d372d8c2e60820b3b014e884da27c4ce7482fefc9b80d4b7f

Analysis

max time kernel
10s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 09:51

Target

XcHvYYrNa.exe
Size

300KB
MD5

b9a421c6f519b309d05149b5388debc6
SHA1

f713cef1b438bc65d33ff7c1532b9ac4f9cd9fa2
SHA256

9eff518a31a5ca6d372d8c2e60820b3b014e884da27c4ce7482fefc9b80d4b7f
SHA512

25fb917f01e6b2543c47a25561e6ff2f15fe304558281e52694ed26ff046b8fcf74f9a2e023dca41b2f7ceae1349d48ed4cfabe93b9c69582be9c290218acbd6
SSDEEP

3072:ycZqf7D34Tp/0+mAWkyYHcQQg3/B1fA0PuTVAtkxz93REeqiOL2bBOA:ycZqf7DItnzXvB1fA0GTV8kHsL

Score

10^/10

Family

redline

Botnet

SolaraHacked

127.0.0.1:4444

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/4140-1-0x0000000000210000-0x0000000000262000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\XcHvYYrNa.exe"
1⤵
PID:4140

memory/4140-0-0x000000007486E000-0x000000007486F000-memory.dmp

Filesize
4KB

Download
memory/4140-1-0x0000000000210000-0x0000000000262000-memory.dmp

Filesize
328KB

Download
memory/4140-2-0x0000000005260000-0x0000000005804000-memory.dmp

Filesize
5.6MB

Download
memory/4140-3-0x0000000004CB0000-0x0000000004D42000-memory.dmp

Filesize
584KB

Download
memory/4140-4-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/4140-5-0x0000000004C70000-0x0000000004C7A000-memory.dmp

Filesize
40KB

Download
memory/4140-6-0x0000000006170000-0x0000000006788000-memory.dmp

Filesize
6.1MB

Download
memory/4140-7-0x0000000007B00000-0x0000000007C0A000-memory.dmp

Filesize
1.0MB

Download
memory/4140-8-0x00000000060A0000-0x00000000060B2000-memory.dmp

Filesize
72KB

Download
memory/4140-9-0x0000000006100000-0x000000000613C000-memory.dmp

Filesize
240KB

Download
memory/4140-10-0x0000000007A70000-0x0000000007ABC000-memory.dmp

Filesize
304KB

Download