Analysis
max time kernel: 135s
max time network: 173s
platform: windows7_x64
resource: win7v20210408
submitted: 26-09-2021 11:02
Static task: static1
Behavioral task: behavioral1
  Sample: 9a72ab735778d3084bc598828e3b37fb.exe
  Resource: win7v20210408 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 9a72ab735778d3084bc598828e3b37fb.exe
  Resource: win10-en-20210920 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 9a72ab735778d3084bc598828e3b37fb.exe
Size: 257KB
MD5: 9a72ab735778d3084bc598828e3b37fb
SHA1: 1cf6f21d26d11fafa4bc53422a206887ccf337fc
SHA256: fc28af6fd07c69a496b160f59003cb22c07ba256d9d7d7dc56c322d982e79120
SHA512: e916836fdc546d5c15b5653ecb33e4bf879f7a23521712704d233255a6b01ab3669e08acd84917e7577270b2d79b1d7bb73e432f3446e9d6238073e149012697
Score: 10/10
Malware Config
Extracted
Family: redline
Botnet: buildfortest333
C2: 185.173.37.128:40504
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload (2 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/1208-62-0x0000000001F30000-0x0000000001F4F000-memory.dmp | family_redline
behavioral1/memory/1208-66-0x0000000001FC0000-0x0000000001FDE000-memory.dmp | family_redline
Downloads
- memory/1208-60-0x00000000002C0000-0x00000000002F0000-memory.dmp  Filesize: 192KB
- memory/1208-61-0x0000000000400000-0x00000000004C5000-memory.dmp  Filesize: 788KB
- memory/1208-62-0x0000000001F30000-0x0000000001F4F000-memory.dmp  Filesize: 124KB
- memory/1208-64-0x00000000049D2000-0x00000000049D3000-memory.dmp  Filesize: 4KB
- memory/1208-63-0x00000000049D1000-0x00000000049D2000-memory.dmp  Filesize: 4KB
- memory/1208-65-0x00000000049D3000-0x00000000049D4000-memory.dmp  Filesize: 4KB
- memory/1208-66-0x0000000001FC0000-0x0000000001FDE000-memory.dmp  Filesize: 120KB
- memory/1208-67-0x00000000049D4000-0x00000000049D6000-memory.dmp  Filesize: 8KB