Analysis
- max time kernel: 139s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 04-06-2022 08:14
Behavioral task: behavioral1
- Sample: 1131717923a6ed6529b1a51ab77aa7128e18a67989938073602de5f776b4e1cb.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 1131717923a6ed6529b1a51ab77aa7128e18a67989938073602de5f776b4e1cb.exe
- Resource: win10v2004-20220414-en
General
- Target: 1131717923a6ed6529b1a51ab77aa7128e18a67989938073602de5f776b4e1cb.exe
- Size: 107KB
- MD5: 5db217e32cfb326a9428601d3b487757
- SHA1: ae9c2b1bbd494d75f3d2b29c59281578b75023e6
- SHA256: 1131717923a6ed6529b1a51ab77aa7128e18a67989938073602de5f776b4e1cb
- SHA512: 9ddb4de3bd7b458b018e27210b8f34d93eb16e40c4e188dacc36a70e3eff53c5d7d28240f3085437abb82f5e1e7885e7d4863235a2628c40c8be0dca5e15c9ea
Malware Config
Extracted
- Family: redline
- Botnet: ISTALL1
- C2: 86.107.197.196:63065
- auth_value: 5fe37244c13b89671311b4f994adce81
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload (1 IoC)
  Resource: behavioral2/memory/4516-130-0x0000000000980000-0x00000000009A0000-memory.dmp
  YARA rule: family_redline
Downloads
- memory/4516-130-0x0000000000980000-0x00000000009A0000-memory.dmp (Filesize: 128KB)
- memory/4516-131-0x00000000057C0000-0x0000000005DD8000-memory.dmp (Filesize: 6.1MB)
- memory/4516-132-0x00000000051D0000-0x00000000051E2000-memory.dmp (Filesize: 72KB)
- memory/4516-133-0x0000000005300000-0x000000000540A000-memory.dmp (Filesize: 1.0MB)
- memory/4516-134-0x0000000005260000-0x000000000529C000-memory.dmp (Filesize: 240KB)
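The dump identifiers above encode the PID, a sequence number and the start and end address of each region, so the listed sizes can be recomputed from the names; the 128KB region at 0x980000 is the one the family_redline rule matched. The script below is an added example, not part of the sandbox report or its tooling: it parses the identifiers, recomputes each region size, checks that consecutive regions of one PID do not overlap, and hashes a local sample for comparison with the MD5/SHA1/SHA256 the report lists before any further analysis is done on it. The DUMPS table and REPORTED_HASHES are copied from the report; the size-rendering rule in human_size (whole KB below 1MB, one decimal MB above) is an assumption that reproduces the five listed values, and the sample file itself is not included.

```python
"""Cross-check a sandbox report's memory-dump listing and sample hashes.

Added example; not the sandbox's own code. Dump identifiers have the form
[behavioralN/]memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp.
"""
import hashlib
import re

DUMP_RE = re.compile(
    r"^(?:behavioral\d+/)?memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Dump name -> size string, copied from the report's Downloads section.
DUMPS = {
    "memory/4516-130-0x0000000000980000-0x00000000009A0000-memory.dmp": "128KB",
    "memory/4516-131-0x00000000057C0000-0x0000000005DD8000-memory.dmp": "6.1MB",
    "memory/4516-132-0x00000000051D0000-0x00000000051E2000-memory.dmp": "72KB",
    "memory/4516-133-0x0000000005300000-0x000000000540A000-memory.dmp": "1.0MB",
    "memory/4516-134-0x0000000005260000-0x000000000529C000-memory.dmp": "240KB",
}

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "5db217e32cfb326a9428601d3b487757",
    "sha1": "ae9c2b1bbd494d75f3d2b29c59281578b75023e6",
    "sha256": "1131717923a6ed6529b1a51ab77aa7128e18a67989938073602de5f776b4e1cb",
}


def parse_dump(name):
    """Split a dump identifier into pid, index, start, end and region size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump identifier: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Render a byte count the way this report does (assumed rule: whole KB
    below 1MB, one decimal place in MB at or above 1MB)."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_listing(dumps=DUMPS):
    """Return (name, recomputed, listed) for every entry whose listed size does
    not match its address range; an empty list means the listing is consistent."""
    mismatches = []
    for name, listed in dumps.items():
        rendered = human_size(parse_dump(name)["size"])
        if rendered != listed:
            mismatches.append((name, rendered, listed))
    return mismatches


def overlapping_regions(dumps=DUMPS):
    """Return (index_a, index_b) pairs of dumps from the same PID whose address
    ranges overlap; a non-empty result means two dumps cover the same memory."""
    regions = sorted((parse_dump(n) for n in dumps),
                     key=lambda r: (r["pid"], r["start"]))
    overlaps = []
    for prev, cur in zip(regions, regions[1:]):
        if prev["pid"] == cur["pid"] and prev["end"] > cur["start"]:
            overlaps.append((prev["index"], cur["index"]))
    return overlaps


def hash_bytes(data):
    """Compute the three digests the report lists, hex-encoded."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def compare_hashes(digests, reported=REPORTED_HASHES):
    """Map each algorithm to whether the computed digest equals the reported one."""
    return {algo: digests.get(algo) == value for algo, value in reported.items()}


def verify_sample(path, reported=REPORTED_HASHES):
    """Hash a local file and compare it with the report; all True means the file
    on disk is the sample the report describes."""
    with open(path, "rb") as fh:
        return compare_hashes(hash_bytes(fh.read()), reported)


if __name__ == "__main__":
    for name in DUMPS:
        info = parse_dump(name)
        print(f"pid {info['pid']} #{info['index']}: 0x{info['start']:x}-0x{info['end']:x} "
              f"{info['size']} bytes -> {human_size(info['size'])} (listed {DUMPS[name]})")
    print("size mismatches:", check_listing())
    print("overlapping regions:", overlapping_regions())
```

Run verify_sample("path/to/sample.exe") against a copy of the file before triage work; a False for any algorithm means the file is not the one this report covers, so none of the extracted config or dump regions above apply to it.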