Analysis
-
max time kernel
151s -
max time network
17s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
26-04-2021 13:09
General
-
Target
1a847048b206da021c9868fea7e26b1c.exe
-
Size
343KB
-
MD5
1a847048b206da021c9868fea7e26b1c
-
SHA1
885d15dcfe1cd621f25240ac0f7b77f82d00dbca
-
SHA256
2de5bd332d8d0c6b405cb6c8309858f67c33fc1db5ab1e36cf619f1c434bfd45
-
SHA512
acdc3b23aff6d73be1dbc86fa55e43858b1e04ac3d20ea405b8210430eedb1149d0ef650186c43d3c6680b194f0d8a47dd7597ab7d79303f9865ad7dcae3120f
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
118
C2
bumblebee2021.store:80
trusmileveneers.store:80
lazerprojekt.store:80
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a847048b206da021c9868fea7e26b1c.exe"C:\Users\Admin\AppData\Local\Temp\1a847048b206da021c9868fea7e26b1c.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1060-60-0x0000000000250000-0x0000000000280000-memory.dmpFilesize
192KB
-
memory/1060-61-0x0000000000400000-0x00000000004C2000-memory.dmpFilesize
776KB
-
memory/1060-62-0x0000000000330000-0x000000000034E000-memory.dmpFilesize
120KB
-
memory/1060-64-0x0000000002522000-0x0000000002523000-memory.dmpFilesize
4KB
-
memory/1060-63-0x0000000002521000-0x0000000002522000-memory.dmpFilesize
4KB
-
memory/1060-65-0x0000000002523000-0x0000000002524000-memory.dmpFilesize
4KB
-
memory/1060-66-0x0000000001D70000-0x0000000001D8D000-memory.dmpFilesize
116KB
-
memory/1060-67-0x0000000002524000-0x0000000002526000-memory.dmpFilesize
8KB