Analysis
-
max time kernel
167s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
24-03-2022 15:54
General
-
Target
SkyBlade/StartGame.exe
-
Size
635KB
-
MD5
314c4df9143ade6211cabd4cc24782c5
-
SHA1
240229f2b1aa44bf50e6c14ba7f990373a1ead3e
-
SHA256
84377b2b4b6f40c40f6dd585bebc2190d1a0bd1d63ff67c951a714b840cef287
-
SHA512
69fd8881f188e3a89320649be87de6a465d43e90dd5c913ce602cbac42b3a31213718f63aaed612e1f55fcc0e14f8dadc2439c0ce0beaabf77b4ed55d3942e7b
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
1
C2
95.217.197.197:11343
Attributes
-
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SkyBlade\StartGame.exe"C:\Users\Admin\AppData\Local\Temp\SkyBlade\StartGame.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/552-136-0x0000000000000000-mapping.dmp
-
memory/552-137-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/552-142-0x0000000005B00000-0x0000000006118000-memory.dmpFilesize
6.1MB
-
memory/552-143-0x00000000055A0000-0x00000000055B2000-memory.dmpFilesize
72KB
-
memory/552-144-0x00000000056D0000-0x00000000057DA000-memory.dmpFilesize
1.0MB
-
memory/552-145-0x0000000005600000-0x000000000563C000-memory.dmpFilesize
240KB
-
memory/4176-134-0x0000000002330000-0x0000000002390000-memory.dmpFilesize
384KB
-
memory/4176-135-0x0000000003450000-0x0000000003453000-memory.dmpFilesize
12KB