Overview

overview

10

Static

static

0a5868a0d7...d4.exe

windows7_x64

10

0a5868a0d7...d4.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    162s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    30-05-2022 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4.exe

  • Size

    486KB

  • MD5

    94171bdb6de49f25dfa8185e60082b36

  • SHA1

    dcd0848a0152bc09940a39c3093b4887fed53883

  • SHA256

    0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4

  • SHA512

    0fe844b78b66bab1ab36afc01adc95d2e9b90ec42efac9d510ecfac4d21c9ca49d4d037becc7613b4a1db33af7795b5e75ccea03fec1a5af85d67908a173385b

Score
10/10
redline600$5infostealer

Malware Config

Extracted

Family

redline

Botnet

600$5

C2

193.38.235.192:43770

Attributes
  • auth_value

    dd54f25665dc6af5439959d34a36bf6b

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 6 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4.exe
    "C:\Users\Admin\AppData\Local\Temp\0a5868a0d7675fa7337a8da498274608c29715d615288d2e0d7a728425ebd9d4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/768-130-0x0000000000740000-0x00000000008D8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-131-0x0000000000740000-0x00000000008D8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-132-0x0000000002980000-0x00000000029C6000-memory.dmp
    Filesize

    280KB

    Download
  • memory/768-133-0x0000000000740000-0x00000000008D8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-134-0x0000000002980000-0x00000000029C6000-memory.dmp
    Filesize

    280KB

    Download
  • memory/768-135-0x0000000076850000-0x0000000076A65000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/768-136-0x0000000000740000-0x00000000008D8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-137-0x0000000076F40000-0x00000000771C1000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/768-138-0x0000000000740000-0x00000000008D8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-139-0x0000000076B20000-0x0000000076C03000-memory.dmp
    Filesize

    908KB

    Download
  • memory/768-140-0x0000000000740000-0x00000000008D8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/768-141-0x00000000731A0000-0x0000000073229000-memory.dmp
    Filesize

    548KB

    Download
  • memory/768-142-0x0000000077230000-0x00000000777E3000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/768-143-0x0000000005B20000-0x0000000006138000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/768-144-0x0000000005530000-0x0000000005542000-memory.dmp
    Filesize

    72KB

    Download
  • memory/768-145-0x0000000005660000-0x000000000576A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/768-146-0x0000000005590000-0x00000000055CC000-memory.dmp
    Filesize

    240KB

    Download
  • memory/768-147-0x000000006E9B0000-0x000000006E9FC000-memory.dmp
    Filesize

    304KB

    Download