Analysis
-
max time kernel
4294206s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
30-03-2022 09:08
General
-
Target
22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe
-
Size
279KB
-
MD5
9e448f4628fdd271af8c14fcebcf7619
-
SHA1
9c1f14f19b60654332a04d316cef95f80d7b8ba0
-
SHA256
22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3
-
SHA512
1ba26d981e8116c7efe692489882c320df17d2f3c216beedd100308222be7e09faf251a84b35f33ad7ec3a5a21627bb053393e851b23366c226a7b6b0dcdee6f
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
NEW_YEAR_BTC
C2
86.105.252.12:35200
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe"C:\Users\Admin\AppData\Local\Temp\22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2016-54-0x000000000027B000-0x00000000002A0000-memory.dmpFilesize
148KB
-
memory/2016-55-0x0000000002480000-0x00000000024AA000-memory.dmpFilesize
168KB
-
memory/2016-56-0x0000000002500000-0x0000000002528000-memory.dmpFilesize
160KB
-
memory/2016-57-0x000000000027B000-0x00000000002A0000-memory.dmpFilesize
148KB
-
memory/2016-58-0x00000000008F0000-0x0000000000922000-memory.dmpFilesize
200KB
-
memory/2016-59-0x0000000000400000-0x00000000008E5000-memory.dmpFilesize
4.9MB
-
memory/2016-60-0x0000000002554000-0x0000000002556000-memory.dmpFilesize
8KB