Overview

overview

10

Static

static

1a847048b2...1c.exe

windows7_x64

10

1a847048b2...1c.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-04-2021 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a847048b206da021c9868fea7e26b1c.exe

  • Size

    343KB

  • MD5

    1a847048b206da021c9868fea7e26b1c

  • SHA1

    885d15dcfe1cd621f25240ac0f7b77f82d00dbca

  • SHA256

    2de5bd332d8d0c6b405cb6c8309858f67c33fc1db5ab1e36cf619f1c434bfd45

  • SHA512

    acdc3b23aff6d73be1dbc86fa55e43858b1e04ac3d20ea405b8210430eedb1149d0ef650186c43d3c6680b194f0d8a47dd7597ab7d79303f9865ad7dcae3120f

Score
10/10
redline118infostealer

Malware Config

Extracted

Family

redline

Botnet

118

C2

bumblebee2021.store:80

trusmileveneers.store:80

lazerprojekt.store:80

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a847048b206da021c9868fea7e26b1c.exe
    "C:\Users\Admin\AppData\Local\Temp\1a847048b206da021c9868fea7e26b1c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/584-114-0x0000000000660000-0x0000000000690000-memory.dmp
    Filesize

    192KB

    Download
  • memory/584-115-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB

    Download
  • memory/584-116-0x0000000000820000-0x000000000083E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/584-117-0x0000000004DE0000-0x0000000004DE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-118-0x0000000004DD0000-0x0000000004DD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-119-0x0000000004DD2000-0x0000000004DD3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-120-0x0000000004DD3000-0x0000000004DD4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-121-0x0000000002410000-0x000000000242D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/584-122-0x00000000052E0000-0x00000000052E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-123-0x00000000025F0000-0x00000000025F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-124-0x0000000004C60000-0x0000000004C61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-125-0x0000000004CA0000-0x0000000004CA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/584-126-0x0000000004DD4000-0x0000000004DD6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/584-127-0x0000000005930000-0x0000000005931000-memory.dmp
    Filesize

    4KB

    Download