Analysis
max time kernel: 147s
max time network: 150s
platform: windows7_x64
resource: win7-20220414-en
submitted: 29-06-2022 21:00
Static task: static1

Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20220414-en
Platform: windows10-2004_x64
0 signatures
0 seconds
General
Target: tmp.exe
Size: 1.3MB
MD5: b9e6d401a63b2ed2a60380307506edb8
SHA1: be0ec6271f20578ffb2523a8b5c2d3fbf07949e5
SHA256: 50fe97e2ed07a016233860ededd36e47c077857d2b14b919a21a5f892a432ea3
SHA512: a0a853b292d2c2ab838c83234756c89c719c2b37ecdebb650f15fb1ef86bbda3d1ee1f3c3c596e9ef27e687b15bc3a40bbce7b66b5919366f0f7bbfb18219fae
Score: 10/10
Malware Config
Extracted
Family: redline
Botnet: 76
C2: 139.99.32.83:43199
Attributes
auth_value: 44d461325298129ed3c705440f57962c
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload 1 IoCs
Processes:
resource: behavioral1/memory/1416-55-0x0000000000600000-0x0000000000620000-memory.dmp
yara_rule: family_redline