Overview

overview

10

Static

static

0a5868a0d7...d4.exe

windows7_x64

10

0a5868a0d7...d4.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    30-05-2022 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4.exe

  • Size

    486KB

  • MD5

    94171bdb6de49f25dfa8185e60082b36

  • SHA1

    dcd0848a0152bc09940a39c3093b4887fed53883

  • SHA256

    0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4

  • SHA512

    0fe844b78b66bab1ab36afc01adc95d2e9b90ec42efac9d510ecfac4d21c9ca49d4d037becc7613b4a1db33af7795b5e75ccea03fec1a5af85d67908a173385b

Score
10/10
redline600$5infostealer

Malware Config

Extracted

Family

redline

Botnet

600$5

C2

193.38.235.192:43770

Attributes
  • auth_value

    dd54f25665dc6af5439959d34a36bf6b

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 5 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4.exe
    "C:\Users\Admin\AppData\Local\Temp\0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/536-54-0x0000000075B61000-0x0000000075B63000-memory.dmp
    Filesize

    8KB

    Download
  • memory/536-55-0x00000000748C0000-0x000000007490A000-memory.dmp
    Filesize

    296KB

    Download
  • memory/536-56-0x0000000000BD0000-0x0000000000D68000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/536-58-0x0000000076B70000-0x0000000076C1C000-memory.dmp
    Filesize

    688KB

    Download
  • memory/536-59-0x0000000075700000-0x0000000075747000-memory.dmp
    Filesize

    284KB

    Download
  • memory/536-60-0x0000000075330000-0x0000000075387000-memory.dmp
    Filesize

    348KB

    Download
  • memory/536-61-0x00000000746E0000-0x00000000746E9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/536-63-0x0000000074D80000-0x0000000074EDC000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/536-64-0x0000000000BD0000-0x0000000000D68000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/536-65-0x0000000075AD0000-0x0000000075B5F000-memory.dmp
    Filesize

    572KB

    Download
  • memory/536-68-0x0000000000BD0000-0x0000000000D68000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/536-69-0x0000000000230000-0x0000000000276000-memory.dmp
    Filesize

    280KB

    Download
  • memory/536-67-0x0000000075B60000-0x00000000767AA000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/536-70-0x0000000000BD0000-0x0000000000D68000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/536-71-0x0000000075700000-0x0000000075747000-memory.dmp
    Filesize

    284KB

    Download
  • memory/536-72-0x000000006CDC0000-0x000000006CDD7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/536-73-0x0000000072130000-0x00000000734BF000-memory.dmp
    Filesize

    19.6MB

    Download
  • memory/536-74-0x0000000074BC0000-0x0000000074BF5000-memory.dmp
    Filesize

    212KB

    Download
  • memory/536-75-0x0000000071720000-0x0000000072130000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/536-76-0x0000000070F40000-0x0000000071720000-memory.dmp
    Filesize

    7.9MB

    Download
  • memory/536-77-0x0000000073A60000-0x0000000073E53000-memory.dmp
    Filesize

    3.9MB

    Download
  • memory/536-78-0x0000000070390000-0x0000000070F3E000-memory.dmp
    Filesize

    11.7MB

    Download
  • memory/536-79-0x000000006F080000-0x0000000070387000-memory.dmp
    Filesize

    19.0MB

    Download
  • memory/536-80-0x000000006D9B0000-0x000000006DC98000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/536-81-0x000000006D6F0000-0x000000006D9AB000-memory.dmp
    Filesize

    2.7MB

    Download
  • memory/536-82-0x00000000734D0000-0x00000000734F0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/536-83-0x000000006CFB0000-0x000000006D6EE000-memory.dmp
    Filesize

    7.2MB

    Download
  • memory/536-84-0x000000006CEE0000-0x000000006CFA9000-memory.dmp
    Filesize

    804KB

    Download
  • memory/536-85-0x000000006CDE0000-0x000000006CEDC000-memory.dmp
    Filesize

    1008KB

    Download
  • memory/536-86-0x000000006DCA0000-0x000000006EFAF000-memory.dmp
    Filesize

    19.1MB

    Download
  • memory/536-87-0x0000000072130000-0x00000000734BF000-memory.dmp
    Filesize

    19.6MB

    Download
  • memory/536-88-0x0000000000BD0000-0x0000000000D68000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/536-89-0x0000000000230000-0x0000000000276000-memory.dmp
    Filesize

    280KB

    Download
  • memory/536-90-0x0000000075700000-0x0000000075747000-memory.dmp
    Filesize

    284KB

    Download
  • memory/536-91-0x0000000071720000-0x0000000072130000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/536-92-0x00000000734D0000-0x00000000734F0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/536-93-0x000000006CEE0000-0x000000006CFA9000-memory.dmp
    Filesize

    804KB

    Download
  • memory/536-94-0x000000006DCA0000-0x000000006EFAF000-memory.dmp
    Filesize

    19.1MB

    Download