Analysis
- max time kernel: 138s
- max time network: 149s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 21-10-2021 11:18
Static task: static1

Behavioral task: behavioral1
- Sample: malware.exe
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: malware.exe
- Resource: win10-en-20211014 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: malware.exe
- Size: 74KB
- MD5: 0b5852f4a8a2e6564d2ce5fcc2b1c1b6
- SHA1: 5816c57939a76f68b215d6cb1ff3b767e946e206
- SHA256: 399cf5af7f474349a326acd048e86dab0eba9de5b3997bf89cd19070ddff27b7
- SHA512: 3ae1db17db5d4573814f744d9431ead1cba2ef21da203bbc054eca7d766f3cf146543463b0be04ed64227ae3d1bfbaf12c08a81a7df8e0a40c385697af13e343
- Score: 10/10
Malware Config

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload (1 IoCs)
  Processes:
    resource                                                                 yara_rule
    behavioral1/memory/1520-61-0x0000000000C90000-0x0000000000CC8000-memory.dmp   family_redline
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: malware.exe
    description               pid    process
    Token: SeDebugPrivilege   1520   malware.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1520-54-0x00000000013B0000-0x00000000013B1000-memory.dmp (Filesize: 4KB)
- memory/1520-56-0x0000000075FC1000-0x0000000075FC3000-memory.dmp (Filesize: 8KB)
- memory/1520-57-0x0000000000AF0000-0x0000000000AF1000-memory.dmp (Filesize: 4KB)
- memory/1520-59-0x0000000004C00000-0x0000000004C01000-memory.dmp (Filesize: 4KB)
- memory/1520-60-0x0000000000C00000-0x0000000000C3C000-memory.dmp (Filesize: 240KB)
- memory/1520-61-0x0000000000C90000-0x0000000000CC8000-memory.dmp (Filesize: 224KB)
- memory/1520-62-0x0000000000880000-0x0000000000881000-memory.dmp (Filesize: 4KB)