Overview

overview

10

Static

static

ed67002e5c...74.exe

windows7_x64

10

ed67002e5c...74.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    24-04-2021 12:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed67002e5cca3020e4dab0218639e774.exe

  • Size

    388KB

  • MD5

    ed67002e5cca3020e4dab0218639e774

  • SHA1

    c61564591a0efa98d624f0307e280c8a292f3d32

  • SHA256

    45cfc2ce1e033a00c42202e16a7ba83229688d49d7776e175488c56aade45558

  • SHA512

    6c648600f41c20f0c1413d43137b05614802738a8db5f0b831b997ad8db3c706a8ed796439a032d02aa693c15b764e5290245c71dca2f28ed6d27d96a2641c1d

Score
10/10
redline118infostealer

Malware Config

Extracted

Family

redline

Botnet

118

C2

bumblebee2021.store:80

trusmileveneers.store:80

lazerprojekt.store:80

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed67002e5cca3020e4dab0218639e774.exe
    "C:\Users\Admin\AppData\Local\Temp\ed67002e5cca3020e4dab0218639e774.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3560-114-0x00000000009B0000-0x00000000009E0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3560-115-0x0000000000400000-0x000000000085B000-memory.dmp
    Filesize

    4.4MB

    Download
  • memory/3560-116-0x00000000025B0000-0x00000000025CE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/3560-117-0x0000000004F60000-0x0000000004F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-118-0x0000000002820000-0x000000000283D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/3560-119-0x0000000005460000-0x0000000005461000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-120-0x0000000004E50000-0x0000000004E51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-121-0x0000000004E70000-0x0000000004E71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-122-0x0000000004ED0000-0x0000000004ED1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-124-0x0000000004F52000-0x0000000004F53000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-123-0x0000000004F50000-0x0000000004F51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-125-0x0000000004F53000-0x0000000004F54000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3560-126-0x0000000004F54000-0x0000000004F56000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3560-127-0x0000000005B80000-0x0000000005B81000-memory.dmp
    Filesize

    4KB

    Download