Analysis
-
max time kernel
136s -
max time network
196s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
24-09-2021 18:21
General
-
Target
udptest.exe
-
Size
240KB
-
MD5
265717bdcb626127fdb7e62b018e963c
-
SHA1
d9d70e33380e33caa8c48b6a4ba7a4fe08ecafe5
-
SHA256
e102abb40eb0795f838749e262c4e94af6df4213832b1d055b727cbc50f3a8ee
-
SHA512
f9c3656bb1e9848620990ca2ee8c163f32c2259774cf21ff78979ba1318daabb672ba1a67924b90d55cce8b579830bf31db32e2da83a09b51916c60ca157f362
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
test
C2
193.56.146.78:51487
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\udptest.exe"C:\Users\Admin\AppData\Local\Temp\udptest.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/564-60-0x00000000002B0000-0x00000000002E0000-memory.dmpFilesize
192KB
-
memory/564-61-0x0000000000400000-0x0000000001D88000-memory.dmpFilesize
25.5MB
-
memory/564-62-0x00000000039B0000-0x00000000039CD000-memory.dmpFilesize
116KB
-
memory/564-63-0x0000000003B11000-0x0000000003B12000-memory.dmpFilesize
4KB
-
memory/564-65-0x0000000003B13000-0x0000000003B14000-memory.dmpFilesize
4KB
-
memory/564-64-0x0000000003B12000-0x0000000003B13000-memory.dmpFilesize
4KB
-
memory/564-66-0x00000000039D0000-0x00000000039EC000-memory.dmpFilesize
112KB
-
memory/564-67-0x0000000003B14000-0x0000000003B16000-memory.dmpFilesize
8KB