Analysis
-
max time kernel
4294217s -
max time network
173s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
30-03-2022 01:16
General
-
Target
48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
-
Size
512KB
-
MD5
ffb297b8939840edc1e6f08e72190b4d
-
SHA1
61913bb94988dbbc39639cefa19f008ab83dea88
-
SHA256
48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73
-
SHA512
32a2f2a4c3c64e436e342993004bbfd604e96dff5a306e648db73762471ac2bd4a0b928eecd2649852916f8dd020d9c3d10b752dd4c862b2e56a6a2a4aa9af10
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
22
C2
93.115.22.78:35200
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe"C:\Users\Admin\AppData\Local\Temp\48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1092-54-0x00000000047D0000-0x00000000047FA000-memory.dmpFilesize
168KB
-
memory/1092-55-0x0000000004A90000-0x0000000004AB8000-memory.dmpFilesize
160KB
-
memory/1092-57-0x0000000000260000-0x0000000000292000-memory.dmpFilesize
200KB
-
memory/1092-56-0x0000000000230000-0x0000000000254000-memory.dmpFilesize
144KB
-
memory/1092-59-0x0000000008BD4000-0x0000000008BD6000-memory.dmpFilesize
8KB
-
memory/1092-58-0x0000000000400000-0x00000000046E1000-memory.dmpFilesize
66.9MB