Analysis
-
max time kernel
150s -
max time network
24s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
24-04-2021 12:01
General
-
Target
73d58561714af4585e8a34c6f1a0058f.exe
-
Size
388KB
-
MD5
73d58561714af4585e8a34c6f1a0058f
-
SHA1
ec5cc94c248ce7dde234bf872f72d09e8132c896
-
SHA256
9c4589b45940c81fcc8722fa0f96f4b583995df1324a327eefbc276448ea4725
-
SHA512
5c56af9f0c8239a27a1c6d44e82375e868d7fcf4a61c426124831b89b243c50374021d92c0589cf490f11efd69fe7960609bcf3716b55e4fd072af4fcb8a7b53
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
118
C2
bumblebee2021.store:80
trusmileveneers.store:80
lazerprojekt.store:80
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73d58561714af4585e8a34c6f1a0058f.exe"C:\Users\Admin\AppData\Local\Temp\73d58561714af4585e8a34c6f1a0058f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1652-59-0x0000000000230000-0x0000000000260000-memory.dmpFilesize
192KB
-
memory/1652-60-0x0000000000400000-0x000000000085B000-memory.dmpFilesize
4.4MB
-
memory/1652-61-0x0000000004C61000-0x0000000004C62000-memory.dmpFilesize
4KB
-
memory/1652-62-0x00000000009F0000-0x0000000000A0E000-memory.dmpFilesize
120KB
-
memory/1652-63-0x0000000004C62000-0x0000000004C63000-memory.dmpFilesize
4KB
-
memory/1652-64-0x0000000004C63000-0x0000000004C64000-memory.dmpFilesize
4KB
-
memory/1652-65-0x0000000002430000-0x000000000244D000-memory.dmpFilesize
116KB
-
memory/1652-66-0x0000000004C64000-0x0000000004C66000-memory.dmpFilesize
8KB