Overview

overview

10

Static

static

10

appconsole.exe

windows7_x64

10

appconsole.exe

windows10-2004_x64

10

azorult.exe

windows7_x64

10

azorult.exe

windows10-2004_x64

10

clipper.exe

windows7_x64

1

clipper.exe

windows10-2004_x64

1

jester_stealer.exe

windows7_x64

10

jester_stealer.exe

windows10-2004_x64

10

lokibot.exe

windows7_x64

10

lokibot.exe

windows10-2004_x64

10

pony.exe

windows7_x64

10

pony.exe

windows10-2004_x64

10

raccoon.exe

windows7_x64

10

raccoon.exe

windows10-2004_x64

10

redline.exe

windows7_x64

10

redline.exe

windows10-2004_x64

10

tesla.exe

windows7_x64

10

tesla.exe

windows10-2004_x64

10

vidar.xll

windows7_x64

7

vidar.xll

windows10-2004_x64

10

Analysis

  • max time kernel
    608s
  • max time network
    613s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-04-2022 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    redline.exe

  • Size

    128KB

  • MD5

    db7dd90469851c7a23a2c988a7a14183

  • SHA1

    becc32c125c861284d9aae17136439b15b571fc4

  • SHA256

    f27735f17f24531842cf9d0bf7478181d8a2bd640db8f984ec0a9431904ba4ce

  • SHA512

    d595a338e095182210297d76662f859b3972b1ca9ee4d1297b624a6d9ce5ab4f9557139c22f64d9dbb26f05003b37c327740935a0da0a390489b1d3a7332bd72

Score
10/10
redline@solitarruinfostealer

Malware Config

Extracted

Family

redline

Botnet

@Solitarru

C2

45.133.217.148:65255

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\redline.exe
    "C:\Users\Admin\AppData\Local\Temp\redline.exe"
    1⤵
      PID:396

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/396-130-0x0000000000030000-0x0000000000050000-memory.dmp

      Filesize

      128KB

      Download

    • memory/396-131-0x0000000004FF0000-0x0000000005594000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/396-132-0x0000000004B40000-0x0000000004BD2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/396-133-0x0000000005BC0000-0x00000000061D8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/396-134-0x0000000004C10000-0x0000000004C22000-memory.dmp

      Filesize

      72KB

      Download

    • memory/396-135-0x0000000004EC0000-0x0000000004FCA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/396-136-0x00000000055E0000-0x000000000561C000-memory.dmp

      Filesize

      240KB

      Download