Overview

overview

10

Static

static

32ad271331...67.exe

windows7_x64

10

32ad271331...67.exe

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    14-10-2021 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32ad2713313dcf30a66402b405278167.exe

  • Size

    481KB

  • MD5

    32ad2713313dcf30a66402b405278167

  • SHA1

    108f4a1cef7ab49cddb8872b945692b34afe4fcf

  • SHA256

    d9954ff3216b822c0d2ed2355bfa7203704d5a921052bd4d5b38644e31441c16

  • SHA512

    cce8e3a6caf2f8fcb3cafc56d1283055eba037886fff7ff3cb80831f5c53a1f238ab78bc7b8155c562561a519ffec7d52d01174923803aeaac09716a15a13081

Score
10/10
redline01infostealer

Malware Config

Extracted

Family

redline

Botnet

01

C2

103.156.90.100:60372

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
    "C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
      C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
      2⤵
        PID:1884
      • C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
        C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
        2⤵
          PID:2044
        • C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
          C:\Users\Admin\AppData\Local\Temp\32ad2713313dcf30a66402b405278167.exe
          2⤵
            PID:320

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/320-58-0x0000000000400000-0x0000000000426000-memory.dmp
          Filesize

          152KB

          Download
        • memory/320-57-0x0000000000400000-0x0000000000426000-memory.dmp
          Filesize

          152KB

          Download
        • memory/320-60-0x0000000000400000-0x0000000000426000-memory.dmp
          Filesize

          152KB

          Download
        • memory/320-59-0x0000000000400000-0x0000000000426000-memory.dmp
          Filesize

          152KB

          Download
        • memory/320-61-0x0000000000400000-0x0000000000426000-memory.dmp
          Filesize

          152KB

          Download
        • memory/320-62-0x000000000041C5D2-mapping.dmp
          Download
        • memory/320-63-0x0000000000400000-0x0000000000426000-memory.dmp
          Filesize

          152KB

          Download
        • memory/320-65-0x0000000004960000-0x0000000004961000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1740-54-0x0000000000F50000-0x0000000000F51000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1740-56-0x0000000000E80000-0x0000000000E81000-memory.dmp
          Filesize

          4KB

          Download