Overview

overview

10

Static

static

5255cbe95f...0b.exe

windows7_x64

10

5255cbe95f...0b.exe

windows10_x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    03-12-2020 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5255cbe95f3798371938f310bdee3b0b.exe

  • Size

    405KB

  • MD5

    5255cbe95f3798371938f310bdee3b0b

  • SHA1

    4fffef86242a1eaba0732f61ec6e4ccd022518d3

  • SHA256

    5e05d90bcdb3ed152fbc447a2f30538affdb2e3c3f60fe4a548837123a423f45

  • SHA512

    748b59e3c5c1e3265c96f659ab889814a6f8e945f970f7b91be9b7a2c917967cbdc5445880a906bfc98e2996b0121b9b1b837ff825aaf68a896292482f2bd702

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5255cbe95f3798371938f310bdee3b0b.exe
    "C:\Users\Admin\AppData\Local\Temp\5255cbe95f3798371938f310bdee3b0b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1640-2-0x0000000002670000-0x0000000002681000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1640-3-0x00000000027F0000-0x0000000002801000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1640-4-0x00000000745C0000-0x0000000074CAE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1640-5-0x0000000000CE0000-0x0000000000D05000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1640-6-0x00000000027F0000-0x0000000002813000-memory.dmp

    Filesize

    140KB

    Download