Overview

overview

10

Static

static

72b06da5e2...5f.exe

windows7_x64

10

72b06da5e2...5f.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    03-03-2022 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72b06da5e2d23ee12b89d891e80bda5f.exe

  • Size

    487KB

  • MD5

    72b06da5e2d23ee12b89d891e80bda5f

  • SHA1

    1e31ab5828fa44e161060d64a37dedcac6909b2b

  • SHA256

    c25e427b4cc4f925eb98334fd1795f2e3dc09eaf4df8cf1342dbca9ae33e18f9

  • SHA512

    1c0e8761f814ae511b962b45e9136e095c6ef1113c6e02ac17b5fdba0186d5b2b1c93f24554eb8ba00b6394b92f8f1153e4fe58f868e29d5cd6a4a98acf62d90

Score
10/10
redlinenew1infostealer

Malware Config

Extracted

Family

redline

Botnet

new1

C2

78.47.178.190:24520

Attributes
  • auth_value

    b9c3e1c18594ac1d05598a5a956de4fb

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72b06da5e2d23ee12b89d891e80bda5f.exe
    "C:\Users\Admin\AppData\Local\Temp\72b06da5e2d23ee12b89d891e80bda5f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\72b06da5e2d23ee12b89d891e80bda5f.exe
      C:\Users\Admin\AppData\Local\Temp\72b06da5e2d23ee12b89d891e80bda5f.exe
      2⤵
        PID:2684
      • C:\Users\Admin\AppData\Local\Temp\72b06da5e2d23ee12b89d891e80bda5f.exe
        C:\Users\Admin\AppData\Local\Temp\72b06da5e2d23ee12b89d891e80bda5f.exe
        2⤵
          PID:1512

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\72b06da5e2d23ee12b89d891e80bda5f.exe.log
        MD5

        e5352797047ad2c91b83e933b24fbc4f

        SHA1

        9bf8ac99b6cbf7ce86ce69524c25e3df75b4d772

        SHA256

        b4643874d42d232c55bfbb75c36da41809d0c9ba4b2a203049aa82950345325c

        SHA512

        dd2fc1966c8b3c9511f14801d1ce8110d6bca276a58216b5eeb0a3cfbb0cc8137ea14efbf790e63736230141da456cbaaa4e5c66f2884d4cfe68f499476fd827

        Download Submit
      • memory/1512-139-0x0000000005C10000-0x0000000006228000-memory.dmp
        Filesize

        6.1MB

        Download
      • memory/1512-136-0x0000000000400000-0x0000000000420000-memory.dmp
        Filesize

        128KB

        Download
      • memory/1512-138-0x000000007477E000-0x000000007477F000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1512-140-0x00000000056A0000-0x00000000056B2000-memory.dmp
        Filesize

        72KB

        Download
      • memory/1512-141-0x00000000057D0000-0x00000000058DA000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1512-142-0x0000000005730000-0x000000000576C000-memory.dmp
        Filesize

        240KB

        Download
      • memory/1512-143-0x00000000056E0000-0x00000000056E1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1660-132-0x0000000004890000-0x0000000004891000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1660-133-0x0000000004920000-0x0000000004996000-memory.dmp
        Filesize

        472KB

        Download
      • memory/1660-134-0x00000000048C0000-0x00000000048DE000-memory.dmp
        Filesize

        120KB

        Download
      • memory/1660-135-0x0000000004FE0000-0x0000000005584000-memory.dmp
        Filesize

        5.6MB

        Download
      • memory/1660-131-0x000000007476E000-0x000000007476F000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1660-130-0x0000000000040000-0x00000000000C0000-memory.dmp
        Filesize

        512KB

        Download