Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
15-10-2021 17:19
Static task
static1
Behavioral task
behavioral1
Sample
64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149.exe
Resource
win10-en-20210920
General
-
Target
64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149.exe
-
Size
309KB
-
MD5
4a4bb2d0413cdcd6542913f83944bb4e
-
SHA1
14c4317c38092d32517497769395bb89a13db471
-
SHA256
64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149
-
SHA512
851ce7922c8666adf11189b606a3f4364d41c04c97586ee5a832834df30edf7c48eb76bba5b8cabc2848a51694064596d55c907fce47d369011ee95b983acf36
Malware Config
Extracted
redline
usamoney
45.142.215.47:27643
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/2004-54-0x0000000002000000-0x000000000201F000-memory.dmp family_redline behavioral1/memory/2004-55-0x0000000002020000-0x000000000203D000-memory.dmp family_redline
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2004-53-0x000000000091D000-0x0000000000940000-memory.dmpFilesize
140KB
-
memory/2004-54-0x0000000002000000-0x000000000201F000-memory.dmpFilesize
124KB
-
memory/2004-55-0x0000000002020000-0x000000000203D000-memory.dmpFilesize
116KB
-
memory/2004-57-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/2004-56-0x0000000000230000-0x0000000000260000-memory.dmpFilesize
192KB
-
memory/2004-58-0x0000000004B11000-0x0000000004B12000-memory.dmpFilesize
4KB
-
memory/2004-59-0x0000000004B12000-0x0000000004B13000-memory.dmpFilesize
4KB
-
memory/2004-60-0x0000000004B13000-0x0000000004B14000-memory.dmpFilesize
4KB
-
memory/2004-61-0x0000000004B14000-0x0000000004B16000-memory.dmpFilesize
8KB