Overview

overview

10

Static

static

8

f09d143a_r..._s.exe

windows7_x64

10

f09d143a_r..._s.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    12-02-2021 16:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f09d143a_red_line_s.exe

  • Size

    276KB

  • MD5

    75d6419dd436bd70086b6a5b1579853b

  • SHA1

    f691633d53eef6acea8f5f5dc4a8d5432d3b3d02

  • SHA256

    f09d143add8bd571bf78d5f5181122ba84c10eb9a6427d6f61279ffccf4bec69

  • SHA512

    9af08954c0052533bb2eea078d0488455f928cb8f3aa53c6c4cbb9a3693058b45c385aa8fbca37f348cde0f5ff500a342021771775bb0a832d088eb645b3904d

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f09d143a_red_line_s.exe
    "C:\Users\Admin\AppData\Local\Temp\f09d143a_red_line_s.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1812-2-0x0000000004FF0000-0x0000000005001000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1812-3-0x0000000006710000-0x0000000006721000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1812-5-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1812-4-0x0000000000230000-0x0000000000263000-memory.dmp

    Filesize

    204KB

    Download

  • memory/1812-6-0x0000000073E00000-0x00000000744EE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1812-7-0x00000000068B0000-0x00000000068D4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1812-8-0x0000000009020000-0x0000000009042000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1812-9-0x0000000009211000-0x0000000009212000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1812-10-0x0000000009212000-0x0000000009213000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1812-11-0x0000000009213000-0x0000000009214000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1812-12-0x0000000009214000-0x0000000009216000-memory.dmp

    Filesize

    8KB

    Download