Overview

overview

10

Static

static

1a847048b2...1c.exe

windows7_x64

10

1a847048b2...1c.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-04-2021 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a847048b206da021c9868fea7e26b1c.exe

  • Size

    343KB

  • MD5

    1a847048b206da021c9868fea7e26b1c

  • SHA1

    885d15dcfe1cd621f25240ac0f7b77f82d00dbca

  • SHA256

    2de5bd332d8d0c6b405cb6c8309858f67c33fc1db5ab1e36cf619f1c434bfd45

  • SHA512

    acdc3b23aff6d73be1dbc86fa55e43858b1e04ac3d20ea405b8210430eedb1149d0ef650186c43d3c6680b194f0d8a47dd7597ab7d79303f9865ad7dcae3120f

Score
10/10
redline118infostealer

Malware Config

Extracted

Family

redline

Botnet

118

C2

bumblebee2021.store:80

trusmileveneers.store:80

lazerprojekt.store:80

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a847048b206da021c9868fea7e26b1c.exe
    "C:\Users\Admin\AppData\Local\Temp\1a847048b206da021c9868fea7e26b1c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/740-115-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB

    Download
  • memory/740-114-0x0000000002230000-0x0000000002260000-memory.dmp
    Filesize

    192KB

    Download
  • memory/740-116-0x0000000002390000-0x00000000023AE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/740-117-0x0000000004DA0000-0x0000000004DA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-119-0x0000000002362000-0x0000000002363000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-118-0x0000000002360000-0x0000000002361000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-120-0x0000000002363000-0x0000000002364000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-121-0x0000000002530000-0x000000000254D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/740-122-0x00000000052A0000-0x00000000052A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-123-0x00000000026B0000-0x00000000026B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-124-0x00000000026D0000-0x00000000026D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-125-0x0000000002860000-0x0000000002861000-memory.dmp
    Filesize

    4KB

    Download
  • memory/740-126-0x0000000002364000-0x0000000002366000-memory.dmp
    Filesize

    8KB

    Download
  • memory/740-127-0x0000000005930000-0x0000000005931000-memory.dmp
    Filesize

    4KB

    Download