Analysis
max time kernel: 4294217s
max time network: 173s
platform: windows7_x64
resource: win7-20220311-en
submitted: 30-03-2022 01:16
Static task: static1
Behavioral task: behavioral1
  Sample: 48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: 48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
  Resource: win10v2004-20220310-en
General
Target: 48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
Size: 512KB
MD5: ffb297b8939840edc1e6f08e72190b4d
SHA1: 61913bb94988dbbc39639cefa19f008ab83dea88
SHA256: 48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73
SHA512: 32a2f2a4c3c64e436e342993004bbfd604e96dff5a306e648db73762471ac2bd4a0b928eecd2649852916f8dd020d9c3d10b752dd4c862b2e56a6a2a4aa9af10
Malware Config
Extracted
Family: redline
Botnet: 22
C2: 93.115.22.78:35200
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload (2 IoCs)
resource | yara_rule
behavioral1/memory/1092-54-0x00000000047D0000-0x00000000047FA000-memory.dmp | family_redline
behavioral1/memory/1092-55-0x0000000004A90000-0x0000000004AB8000-memory.dmp | family_redline

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | process
Token: SeDebugPrivilege | 1092 | 48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
Downloads
memory/1092-54-0x00000000047D0000-0x00000000047FA000-memory.dmp (Filesize: 168KB)
memory/1092-55-0x0000000004A90000-0x0000000004AB8000-memory.dmp (Filesize: 160KB)
memory/1092-57-0x0000000000260000-0x0000000000292000-memory.dmp (Filesize: 200KB)
memory/1092-56-0x0000000000230000-0x0000000000254000-memory.dmp (Filesize: 144KB)
memory/1092-59-0x0000000008BD4000-0x0000000008BD6000-memory.dmp (Filesize: 8KB)
memory/1092-58-0x0000000000400000-0x00000000046E1000-memory.dmp (Filesize: 66.9MB)