redline | b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30

Analysis

max time kernel
131s
max time network
140s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/06/2024, 11:03 UTC

Target

5d860e52bfa60fec84b6a46661b45246.exe
Size

297KB
MD5

5d860e52bfa60fec84b6a46661b45246
SHA1

1259e9f868d0d80ac09aadb9387662347cd4bd68
SHA256

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
SHA512

04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701
SSDEEP

3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L

Score

10^/10

Family

redline

Botnet

AMA

185.215.113.67:40960

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2988-1-0x0000000000BD0000-0x0000000000C20000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\5d860e52bfa60fec84b6a46661b45246.exe
"C:\Users\Admin\AppData\Local\Temp\5d860e52bfa60fec84b6a46661b45246.exe"
1⤵
PID:2988

No results found

No results found

memory/2988-0-0x000000007419E000-0x000000007419F000-memory.dmp

Filesize
4KB

Download
memory/2988-1-0x0000000000BD0000-0x0000000000C20000-memory.dmp

Filesize
320KB

Download
memory/2988-2-0x0000000074190000-0x000000007487E000-memory.dmp

Filesize
6.9MB

Download
memory/2988-3-0x000000007419E000-0x000000007419F000-memory.dmp

Filesize
4KB

Download
memory/2988-4-0x0000000074190000-0x000000007487E000-memory.dmp

Filesize
6.9MB

Download