Overview

overview

10

Static

static

e4a200fc3d...97.exe

windows7_x64

10

e4a200fc3d...97.exe

windows10_x64

10

Resubmissions

31/03/2025, 16:30

250331-tzz2sawmx5 10

14/09/2021, 22:39

210914-2kz28sbddq 10

Analysis

  • max time kernel
    125s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    14/09/2021, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4a200fc3da152d2b8c48f6e19b8ec97.exe

  • Size

    787KB

  • MD5

    e4a200fc3da152d2b8c48f6e19b8ec97

  • SHA1

    6104b851cccad3628b12d4ca136b8f364bbd3d35

  • SHA256

    95d29f64d0106c91070bcd511f78f6cf29d35cdb8cbbd97cfdfdcf61e422b4da

  • SHA512

    d704391d9a566a889398af1d119e46aecfa9421802cb14785847a64d4848874f2b65aed132d955f624a848fead5b2cb48a9805c90d5df2e230064775f6f015ea

Score
10/10
redlinecheatinfostealer

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

172.31.9.183:29120

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4a200fc3da152d2b8c48f6e19b8ec97.exe
    "C:\Users\Admin\AppData\Local\Temp\e4a200fc3da152d2b8c48f6e19b8ec97.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Users\Admin\AppData\Local\Temp\e4a200fc3da152d2b8c48f6e19b8ec97.exe
      "C:\Users\Admin\AppData\Local\Temp\e4a200fc3da152d2b8c48f6e19b8ec97.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/688-66-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/688-68-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/688-70-0x0000000004900000-0x0000000004901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1208-60-0x0000000000A40000-0x0000000000A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1208-62-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1208-63-0x00000000005F0000-0x0000000000606000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1208-64-0x0000000004660000-0x00000000046AC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1208-65-0x0000000000A00000-0x0000000000A1A000-memory.dmp

    Filesize

    104KB

    Download