Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    21-10-2021 19:20

General

  • Target

    185a530630aa8c6119961d12787bfa9aefb18078b44ac06fcddf61617a59359e.exe

  • Size

    337KB

  • MD5

    8fe6df0097acf109819437e32b1f7941

  • SHA1

    b08ba46ff566ba6ccec7beba8bdb8397f094f0f5

  • SHA256

    185a530630aa8c6119961d12787bfa9aefb18078b44ac06fcddf61617a59359e

  • SHA512

    439164434078af46db5ed7c9072afe6cc9151f2de51fa2ef5b82c96879886c4946f010ec583ec6f61f8c38deebd8b0e98cafb1e10d87fa60881c0edc22b90354

Score
10/10

Malware Config

Extracted

  • Family
    redline
  • Botnet
    UTS
  • C2
    45.9.20.182:52236

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\185a530630aa8c6119961d12787bfa9aefb18078b44ac06fcddf61617a59359e.exe
    "C:\Users\Admin\AppData\Local\Temp\185a530630aa8c6119961d12787bfa9aefb18078b44ac06fcddf61617a59359e.exe"
    1⤵
      PID:3760


Downloads

  • memory/3760-115-0x0000000004C50000-0x0000000004C72000-memory.dmp
    Filesize: 136KB
  • memory/3760-116-0x0000000004C80000-0x0000000004CB0000-memory.dmp
    Filesize: 192KB
  • memory/3760-117-0x0000000000400000-0x0000000002F1B000-memory.dmp
    Filesize: 43.1MB
  • memory/3760-118-0x0000000004D80000-0x0000000004D9F000-memory.dmp
    Filesize: 124KB
  • memory/3760-119-0x00000000076D0000-0x00000000076D1000-memory.dmp
    Filesize: 4KB
  • memory/3760-120-0x0000000004E50000-0x0000000004E6D000-memory.dmp
    Filesize: 116KB
  • memory/3760-121-0x0000000007BD0000-0x0000000007BD1000-memory.dmp
    Filesize: 4KB
  • memory/3760-122-0x0000000007660000-0x0000000007661000-memory.dmp
    Filesize: 4KB
  • memory/3760-123-0x00000000081E0000-0x00000000081E1000-memory.dmp
    Filesize: 4KB
  • memory/3760-124-0x00000000082F0000-0x00000000082F1000-memory.dmp
    Filesize: 4KB
  • memory/3760-125-0x00000000076C0000-0x00000000076C1000-memory.dmp
    Filesize: 4KB
  • memory/3760-126-0x00000000076C2000-0x00000000076C3000-memory.dmp
    Filesize: 4KB
  • memory/3760-127-0x00000000076C3000-0x00000000076C4000-memory.dmp
    Filesize: 4KB
  • memory/3760-128-0x00000000076C4000-0x00000000076C6000-memory.dmp
    Filesize: 8KB
  • memory/3760-129-0x0000000008340000-0x0000000008341000-memory.dmp
    Filesize: 4KB