Analysis
- max time kernel: 145s
- max time network: 148s
- platform: windows7_x64
- resource: win7-en-20211014
- submitted: 21-10-2021 09:57
Static task: static1
Behavioral task: behavioral1
- Sample: d0cf776ea71c1d2c10b0fe9e6da3dd3a.exe
- Resource: win7-en-20211014
- Platform: windows7_x64
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: d0cf776ea71c1d2c10b0fe9e6da3dd3a.exe
- Resource: win10-en-20210920
- Platform: windows10_x64
- 0 signatures, 0 seconds
General
- Target: d0cf776ea71c1d2c10b0fe9e6da3dd3a.exe
- Size: 364KB
- MD5: d0cf776ea71c1d2c10b0fe9e6da3dd3a
- SHA1: 483623f7a2e9f4073c25e45d72647728fe5e2cd4
- SHA256: d946346ab664704d592158a3ad2de706d92b9301ac95982f224f2069f39f1c2c
- SHA512: 629e7d096a17f20ac657bd862b427ef0c9c1dd228d7e90be4b855ca561104f722bfd58e9c7a7344b5feb9e0e4f3fa3ba07bc1ee6b7c0030ad8fb26d1917307de
- Score: 10/10
Malware Config
Extracted
- Family: redline
- Botnet: paladin
- C2: 188.68.201.6:10085
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload 2 IoCs
  Processes:
  resource                                                                     yara_rule
  behavioral1/memory/1152-58-0x0000000004B80000-0x0000000004BAF000-memory.dmp  family_redline
  behavioral1/memory/1152-60-0x0000000007210000-0x000000000723E000-memory.dmp  family_redline
Downloads
- memory/1152-55-0x00000000002D0000-0x00000000002F9000-memory.dmp (Filesize: 164KB)
- memory/1152-56-0x0000000000350000-0x0000000000394000-memory.dmp (Filesize: 272KB)
- memory/1152-57-0x0000000000400000-0x0000000002F21000-memory.dmp (Filesize: 43.1MB)
- memory/1152-58-0x0000000004B80000-0x0000000004BAF000-memory.dmp (Filesize: 188KB)
- memory/1152-59-0x00000000071D1000-0x00000000071D2000-memory.dmp (Filesize: 4KB)
- memory/1152-60-0x0000000007210000-0x000000000723E000-memory.dmp (Filesize: 184KB)
- memory/1152-61-0x00000000071D2000-0x00000000071D3000-memory.dmp (Filesize: 4KB)
- memory/1152-62-0x00000000071D3000-0x00000000071D4000-memory.dmp (Filesize: 4KB)
- memory/1152-63-0x00000000071D4000-0x00000000071D6000-memory.dmp (Filesize: 8KB)