redline | bb49165d542ebd7a63c727fcb01fc32a77fa319beb4f2d265a5936619f89bea5

Analysis

max time kernel
149s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
25-05-2024 13:56

Target

build.exe
Size

300KB
MD5

79f58d9e5c31290d1005b8ed75c2b8b2
SHA1

bc36dfa1fde40a857fa61829c8d4772674e9d90e
SHA256

bb49165d542ebd7a63c727fcb01fc32a77fa319beb4f2d265a5936619f89bea5
SHA512

219df5b014e32df266c6673c1b2248898723496ac18881d3498ee945f242faab30a4e98feb70b22222affa31c43d1d7b1c9917091963091911b916cde0ec3c04
SSDEEP

3072:ecZqf7D347p/0+mAKky4fUQIgdPB1fA0PuTVAtkxze3RweqiOL2bBOA:ecZqf7DIlnPPtB1fA0GTV8kEQL

Score

10^/10

Family

redline

Botnet

test

172.22.236.166:1912

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral4/memory/2628-1-0x0000000000CE0000-0x0000000000D32000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\build.exe
"C:\Users\Admin\AppData\Local\Temp\build.exe"
1⤵
PID:2628

memory/2628-0-0x000000007525E000-0x000000007525F000-memory.dmp

Filesize
4KB

Download
memory/2628-1-0x0000000000CE0000-0x0000000000D32000-memory.dmp

Filesize
328KB

Download
memory/2628-2-0x0000000005C40000-0x00000000061E6000-memory.dmp

Filesize
5.6MB

Download
memory/2628-3-0x0000000005730000-0x00000000057C2000-memory.dmp

Filesize
584KB

Download
memory/2628-4-0x00000000056D0000-0x00000000056DA000-memory.dmp

Filesize
40KB

Download
memory/2628-5-0x0000000075250000-0x0000000075A01000-memory.dmp

Filesize
7.7MB

Download
memory/2628-6-0x0000000006BD0000-0x00000000071E8000-memory.dmp

Filesize
6.1MB

Download
memory/2628-7-0x00000000084A0000-0x00000000085AA000-memory.dmp

Filesize
1.0MB

Download
memory/2628-8-0x0000000006B90000-0x0000000006BA2000-memory.dmp

Filesize
72KB

Download
memory/2628-9-0x00000000083D0000-0x000000000840C000-memory.dmp

Filesize
240KB

Download
memory/2628-10-0x0000000006410000-0x000000000645C000-memory.dmp

Filesize
304KB

Download
memory/2628-11-0x000000007525E000-0x000000007525F000-memory.dmp

Filesize
4KB

Download
memory/2628-12-0x0000000075250000-0x0000000075A01000-memory.dmp

Filesize
7.7MB

Download