redline | be3323c3b2bd6ba736703199d528de6bf1396e8a7c6b9b58e4ca31fda43b00e0

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 08:41

Target

70f5b2bcd00d4e52e3ca12b277c6e1cf6e5f1d2359e7655daebb44704158a4c3.exe
Size

285KB
MD5

421ff85e1ad3a04c83e0a69305fe86de
SHA1

4da831e00dca7923f3077a1ddaae0b21e7bcbcc8
SHA256

70f5b2bcd00d4e52e3ca12b277c6e1cf6e5f1d2359e7655daebb44704158a4c3
SHA512

91f75cad0f7ffb9b6299cb55b7aceca39805e533529083151d31649629e0786319601fa95abe1759ebec4d9e96ba4faa1b9bb6d30779b23bb8b619e190e7d45e
SSDEEP

3072:gJ5h+cJjNKyxPs788qtOV+juc2/hJgydZKt4q13MjAB6k90dppxCIDww674g:gllzPY88TV+jyhJpAwjAB6k9Wv69

Score

10^/10

Family

redline

Botnet

@pak_1111

45.15.156.167:80

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral10/memory/3836-1-0x00000000001C0000-0x00000000001FE000-memory.dmp	family_redline
behavioral10/memory/3836-5-0x0000000000400000-0x000000000044A000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\70f5b2bcd00d4e52e3ca12b277c6e1cf6e5f1d2359e7655daebb44704158a4c3.exe
"C:\Users\Admin\AppData\Local\Temp\70f5b2bcd00d4e52e3ca12b277c6e1cf6e5f1d2359e7655daebb44704158a4c3.exe"
1⤵
PID:3836

memory/3836-0-0x000000000040B000-0x000000000040D000-memory.dmp

Filesize
8KB

Download
memory/3836-1-0x00000000001C0000-0x00000000001FE000-memory.dmp

Filesize
248KB

Download
memory/3836-5-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3836-6-0x0000000007030000-0x00000000075D4000-memory.dmp

Filesize
5.6MB

Download
memory/3836-7-0x00000000075E0000-0x0000000007672000-memory.dmp

Filesize
584KB

Download
memory/3836-8-0x0000000004650000-0x000000000465A000-memory.dmp

Filesize
40KB

Download
memory/3836-9-0x0000000008000000-0x0000000008618000-memory.dmp

Filesize
6.1MB

Download
memory/3836-10-0x0000000008700000-0x000000000880A000-memory.dmp

Filesize
1.0MB

Download
memory/3836-11-0x0000000008830000-0x0000000008842000-memory.dmp

Filesize
72KB

Download
memory/3836-12-0x0000000008850000-0x000000000888C000-memory.dmp

Filesize
240KB

Download
memory/3836-13-0x00000000088C0000-0x000000000890C000-memory.dmp

Filesize
304KB

Download