Analysis
-
max time kernel
151s -
max time network
136s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
24-04-2021 12:01
General
-
Target
ed67002e5cca3020e4dab0218639e774.exe
-
Size
388KB
-
MD5
ed67002e5cca3020e4dab0218639e774
-
SHA1
c61564591a0efa98d624f0307e280c8a292f3d32
-
SHA256
45cfc2ce1e033a00c42202e16a7ba83229688d49d7776e175488c56aade45558
-
SHA512
6c648600f41c20f0c1413d43137b05614802738a8db5f0b831b997ad8db3c706a8ed796439a032d02aa693c15b764e5290245c71dca2f28ed6d27d96a2641c1d
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
118
C2
bumblebee2021.store:80
trusmileveneers.store:80
lazerprojekt.store:80
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed67002e5cca3020e4dab0218639e774.exe"C:\Users\Admin\AppData\Local\Temp\ed67002e5cca3020e4dab0218639e774.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1920-60-0x00000000003D0000-0x0000000000400000-memory.dmpFilesize
192KB
-
memory/1920-61-0x0000000000400000-0x000000000085B000-memory.dmpFilesize
4.4MB
-
memory/1920-62-0x00000000022D0000-0x00000000022EE000-memory.dmpFilesize
120KB
-
memory/1920-64-0x0000000004B42000-0x0000000004B43000-memory.dmpFilesize
4KB
-
memory/1920-63-0x0000000004B41000-0x0000000004B42000-memory.dmpFilesize
4KB
-
memory/1920-65-0x0000000004B43000-0x0000000004B44000-memory.dmpFilesize
4KB
-
memory/1920-66-0x0000000004AA0000-0x0000000004ABD000-memory.dmpFilesize
116KB
-
memory/1920-67-0x0000000004B44000-0x0000000004B46000-memory.dmpFilesize
8KB