Overview

overview

10

Static

static

1

filecoder.dmg

macos_amd64

1

flawedammyy.exe

windows7_x64

10

flawedammyy.exe

windows10-2004_x64

10

qakbot.dll

windows7_x64

10

qakbot.dll

windows10-2004_x64

10

redline.exe

windows7_x64

10

redline.exe

windows10-2004_x64

10

seon.exe

windows7_x64

10

seon.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-06-2022 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    redline.exe

  • Size

    569KB

  • MD5

    4842156a83bbc8f5b1b46b0e2a597ab4

  • SHA1

    bdda0f367bf93fa75e2bf4b632daab8b615c9c69

  • SHA256

    24dc9485b3fcea21dc81118d045d6bd13ca40f04dcc905662b70f4ed5754f003

  • SHA512

    f0fe9c63fc8fd1333297b76f7f0ed414535ffb4f8ab96906c8207840bf63688d8b6e0de8053e7882eeb616ddf83c8021d5940adc9fcba4e8fd1e342c67343f73

Score
10/10
redlinekreatorinfostealer

Malware Config

Extracted

Family

redline

Botnet

KREATOR

C2

45.140.146.214:20498

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\redline.exe
    "C:\Users\Admin\AppData\Local\Temp\redline.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Users\Admin\AppData\Local\Temp\redline.exe
      C:\Users\Admin\AppData\Local\Temp\redline.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1384-57-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1384-60-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1384-62-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1992-54-0x00000000011C0000-0x0000000001252000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1992-55-0x0000000074E91000-0x0000000074E93000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1992-56-0x0000000000640000-0x000000000064E000-memory.dmp

    Filesize

    56KB

    Download