Analysis
-
max time kernel
42s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
-
submitted
02-08-2022 18:51
General
-
Target
FF90905D1ABECCC0E92D4856B0F670ADC89CFE3A25EA8.exe
-
Size
397KB
-
MD5
434af4d968858a19e4402867c52f1d0d
-
SHA1
e0c45079cc38749b424e5e5bfd31f73a4dd8a1d2
-
SHA256
ff90905d1abeccc0e92d4856b0f670adc89cfe3a25ea8bf7aff818aeed3ff4cb
-
SHA512
ab8fbf56600c65e004c9d6f7dcd3c3c53d28988c05e60b822fd6f56d671dafe9b35a44e79202e8ccdec918e098752ce566627c3d94ba8bd7e35e782d831d4544
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
8888
C2
doaisunto.xyz:80
olmilllchi.xyz:80
Attributes
-
auth_value
305522e79291033617ec9ca844a03dca
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FF90905D1ABECCC0E92D4856B0F670ADC89CFE3A25EA8.exe"C:\Users\Admin\AppData\Local\Temp\FF90905D1ABECCC0E92D4856B0F670ADC89CFE3A25EA8.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1420-54-0x0000000000C98000-0x0000000000CC5000-memory.dmpFilesize
180KB
-
memory/1420-56-0x0000000000260000-0x0000000000299000-memory.dmpFilesize
228KB
-
memory/1420-55-0x0000000000C98000-0x0000000000CC5000-memory.dmpFilesize
180KB
-
memory/1420-57-0x0000000000400000-0x0000000000B56000-memory.dmpFilesize
7.3MB
-
memory/1420-58-0x0000000002620000-0x0000000002654000-memory.dmpFilesize
208KB
-
memory/1420-59-0x0000000002770000-0x00000000027A4000-memory.dmpFilesize
208KB
-
memory/1420-60-0x0000000075591000-0x0000000075593000-memory.dmpFilesize
8KB
-
memory/1420-61-0x0000000000C98000-0x0000000000CC5000-memory.dmpFilesize
180KB