Analysis
-
max time kernel
143s -
max time network
161s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
14-07-2022 06:55
General
-
Target
404b89fe3e18d018df4f30af647e474f.exe
-
Size
407KB
-
MD5
404b89fe3e18d018df4f30af647e474f
-
SHA1
2f8720f1548d505720d0966a43a6a1cedd73ac74
-
SHA256
9ee2246cc32c5d62c41f8144a951ecb1a25999ba0e63fd8a5ab8a9aaeae227b0
-
SHA512
0563a99ffb4f8bad11e3f3ed9bdf86db2b52d6a63a3df3b89058257e0ec3740dbb7494b795512b895e36e3e99d27b49513d4a1a7c4cd6ce5700adee7a0580483
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
top
C2
185.215.113.75:81
Attributes
-
auth_value
ff6259bc2baf33b54b454aad484fb0ee
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\404b89fe3e18d018df4f30af647e474f.exe"C:\Users\Admin\AppData\Local\Temp\404b89fe3e18d018df4f30af647e474f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/776-54-0x0000000002580000-0x00000000025B0000-memory.dmpFilesize
192KB
-
memory/776-55-0x00000000025B0000-0x00000000025DE000-memory.dmpFilesize
184KB
-
memory/776-56-0x00000000753B1000-0x00000000753B3000-memory.dmpFilesize
8KB
-
memory/776-57-0x00000000009BE000-0x00000000009E8000-memory.dmpFilesize
168KB
-
memory/776-58-0x00000000002A0000-0x00000000002D7000-memory.dmpFilesize
220KB
-
memory/776-59-0x0000000000400000-0x000000000092E000-memory.dmpFilesize
5.2MB