Analysis
-
max time kernel
137s -
max time network
149s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
05-11-2021 00:17
General
-
Target
960dabeaba026a8f3dd5bb4804bbc3a6.exe
-
Size
283KB
-
MD5
960dabeaba026a8f3dd5bb4804bbc3a6
-
SHA1
93d1996201367201272951680da7341d1ba6b0e9
-
SHA256
1cecdad060bd49501aca8560f70a1dafda7de6d1482a30f18902787ee860c1bd
-
SHA512
792375ceb92ffd7f78991db711728b146d91a0ef7d36aab102d49915619e5f064689b84c6c24c4f6db2054bbf3987178f3eb15fa50a7fb12a717fa2cb1fb0aec
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
khrip
C2
91.211.251.200:52562
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\960dabeaba026a8f3dd5bb4804bbc3a6.exe"C:\Users\Admin\AppData\Local\Temp\960dabeaba026a8f3dd5bb4804bbc3a6.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/776-56-0x0000000000250000-0x0000000000289000-memory.dmpFilesize
228KB
-
memory/776-57-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/776-55-0x0000000000220000-0x000000000024B000-memory.dmpFilesize
172KB
-
memory/776-58-0x0000000004931000-0x0000000004932000-memory.dmpFilesize
4KB
-
memory/776-59-0x0000000000540000-0x000000000056D000-memory.dmpFilesize
180KB
-
memory/776-60-0x0000000000580000-0x00000000005AC000-memory.dmpFilesize
176KB
-
memory/776-62-0x0000000004933000-0x0000000004934000-memory.dmpFilesize
4KB
-
memory/776-61-0x0000000004932000-0x0000000004933000-memory.dmpFilesize
4KB
-
memory/776-63-0x0000000004934000-0x0000000004936000-memory.dmpFilesize
8KB