redline | 5695a75d96e56497ab5f7175d5c1da59a4565df668cb89db774eefbb5bfb6cf5

Resubmissions

05-09-2023 01:34

max time kernel
138s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 01:20

Target

e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe
Size

375KB
MD5

0094d5ff373cec9019212a835c894851
SHA1

1b1cf094623b3d3ab7fe023f31efe2effed19012
SHA256

e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8
SHA512

5c6fee60774b1fe4e9f5a63483219e2717a301a31ffb8eba4e5277d4770ea69a93f4f5b398fc7b0249bd9cb5cb4a13147b731222a075cd2fcec7da10e48e9275
SSDEEP

6144:CON3t/C8E6+4xuQvxbAg/1XPxlw/08TgX4flL+84X9wBG8PAbLBFiYV:Cwd6hSBF/1/Lw/HTtNi84X9amPBFi

Score

10^/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral18/memory/1148-4-0x0000000003590000-0x00000000035F6000-memory.dmp	family_redline
behavioral18/memory/1148-7-0x0000000006280000-0x00000000062E2000-memory.dmp	family_redline

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2732 1148 WerFault.exe e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe

pid	pid_target	process	target process
2732	1148	WerFault.exe	e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe

C:\Users\Admin\AppData\Local\Temp\e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe
"C:\Users\Admin\AppData\Local\Temp\e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe"
1⤵
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 1180
2⤵
- Program crash
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1148 -ip 1148
1⤵
PID:2672

memory/1148-1-0x00000000015D0000-0x00000000016D0000-memory.dmp

Filesize
1024KB

Download
memory/1148-3-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1148-2-0x0000000001550000-0x00000000015A0000-memory.dmp

Filesize
320KB

Download
memory/1148-4-0x0000000003590000-0x00000000035F6000-memory.dmp

Filesize
408KB

Download
memory/1148-5-0x0000000000400000-0x00000000013C3000-memory.dmp

Filesize
15.8MB

Download
memory/1148-6-0x0000000005CD0000-0x0000000006274000-memory.dmp

Filesize
5.6MB

Download
memory/1148-7-0x0000000006280000-0x00000000062E2000-memory.dmp

Filesize
392KB

Download
memory/1148-8-0x00000000062E0000-0x0000000006372000-memory.dmp

Filesize
584KB

Download
memory/1148-10-0x0000000000400000-0x00000000013C3000-memory.dmp

Filesize
15.8MB

Download
memory/1148-11-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download