Overview

overview

10

Static

static

5af2d4f23b...3a.exe

windows7_x64

10

5af2d4f23b...3a.exe

windows10_x64

10

Analysis

  • max time kernel
    139s
  • max time network
    200s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    06-07-2021 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5af2d4f23b526022e3446bf28928983a.exe

  • Size

    547KB

  • MD5

    5af2d4f23b526022e3446bf28928983a

  • SHA1

    efcb1386b7d4ef0d92df1456434dd38cbd30ff2a

  • SHA256

    a5a1d72b8d7045cf92e3fc39b72cf251a015464f1f7920aa028b341d3f646ee8

  • SHA512

    0e942d17469ba7e9714a36144ba2ebdcaf25122449249e238e28c17e6c130c5c855992f29b95d96b45f3235a1cca84f21b1761f33d28e2ffc0292675d02e030b

Score
10/10
redline777infostealer

Malware Config

Extracted

Family

redline

Botnet

777

C2

193.188.21.24:21977

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5af2d4f23b526022e3446bf28928983a.exe
    "C:\Users\Admin\AppData\Local\Temp\5af2d4f23b526022e3446bf28928983a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Users\Admin\AppData\Local\Temp\5af2d4f23b526022e3446bf28928983a.exe
      C:\Users\Admin\AppData\Local\Temp\5af2d4f23b526022e3446bf28928983a.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/856-60-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize

    4KB

    Download
  • memory/856-62-0x00000000006B0000-0x00000000006E3000-memory.dmp
    Filesize

    204KB

    Download
  • memory/856-63-0x00000000020C0000-0x00000000020C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1284-64-0x0000000000400000-0x000000000041E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1284-65-0x0000000000417E96-mapping.dmp
    Download
  • memory/1284-66-0x0000000000400000-0x000000000041E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1284-68-0x00000000042D0000-0x00000000042D1000-memory.dmp
    Filesize

    4KB

    Download