Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
15-10-2021 17:19
General
-
Target
64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149.exe
-
Size
309KB
-
MD5
4a4bb2d0413cdcd6542913f83944bb4e
-
SHA1
14c4317c38092d32517497769395bb89a13db471
-
SHA256
64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149
-
SHA512
851ce7922c8666adf11189b606a3f4364d41c04c97586ee5a832834df30edf7c48eb76bba5b8cabc2848a51694064596d55c907fce47d369011ee95b983acf36
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
usamoney
C2
45.142.215.47:27643
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149.exe"C:\Users\Admin\AppData\Local\Temp\64ed8af82d056d4a168a7a7b8c325df25cb58a809fd579bf6258b70b963d9149.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2004-53-0x000000000091D000-0x0000000000940000-memory.dmpFilesize
140KB
-
memory/2004-54-0x0000000002000000-0x000000000201F000-memory.dmpFilesize
124KB
-
memory/2004-55-0x0000000002020000-0x000000000203D000-memory.dmpFilesize
116KB
-
memory/2004-57-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/2004-56-0x0000000000230000-0x0000000000260000-memory.dmpFilesize
192KB
-
memory/2004-58-0x0000000004B11000-0x0000000004B12000-memory.dmpFilesize
4KB
-
memory/2004-59-0x0000000004B12000-0x0000000004B13000-memory.dmpFilesize
4KB
-
memory/2004-60-0x0000000004B13000-0x0000000004B14000-memory.dmpFilesize
4KB
-
memory/2004-61-0x0000000004B14000-0x0000000004B16000-memory.dmpFilesize
8KB