Overview

overview

10

Static

static

10

7.0.0.0.exe

windows7-x64

7

7.0.0.0.exe

windows10-2004-x64

7

ILMerge.exe

windows7-x64

1

ILMerge.exe

windows10-2004-x64

1

pack/AbPmX.exe

windows7-x64

10

pack/AbPmX.exe

windows10-2004-x64

10

pack/AcAoB.exe

windows7-x64

10

pack/AcAoB.exe

windows10-2004-x64

10

pack/AdEXN.exe

windows7-x64

10

pack/AdEXN.exe

windows10-2004-x64

10

pack/AeCKK.exe

windows7-x64

1

pack/AeCKK.exe

windows10-2004-x64

1

pack/AeSRJ.exe

windows7-x64

7

pack/AeSRJ.exe

windows10-2004-x64

7

pack/AfDTM.exe

windows7-x64

10

pack/AfDTM.exe

windows10-2004-x64

10

pack/AfMaR.exe

windows7-x64

10

pack/AfMaR.exe

windows10-2004-x64

10

pack/AfZcW.exe

windows7-x64

10

pack/AfZcW.exe

windows10-2004-x64

10

pack/AnWLP.exe

windows7-x64

1

pack/AnWLP.exe

windows10-2004-x64

1

pack/AnZNZ.exe

windows7-x64

10

pack/AnZNZ.exe

windows10-2004-x64

10

pack/ApRnS.exe

windows7-x64

10

pack/ApRnS.exe

windows10-2004-x64

10

pack/AqDpY.exe

windows7-x64

1

pack/AqDpY.exe

windows10-2004-x64

1

pack/AsNMX.exe

windows7-x64

1

pack/AsNMX.exe

windows10-2004-x64

1

pack/AwHQZ.exe

windows7-x64

10

pack/AwHQZ.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    235s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2022 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pack/AcAoB.exe

  • Size

    95KB

  • MD5

    0ec54c61531a22e6ccc517293d137d67

  • SHA1

    4bc1bb4273cbefc10efbae5e55a03f4aaba624ab

  • SHA256

    98049233378275be99a475de751e30042eee539f0644fbc0cd84b041aaab2396

  • SHA512

    0bf6b2ee458083ed74f4954e308dd5742fd31b269dd757af507be9ab821b2833de46bbc532854719c9cf7acfbf0fac995a86d580f13d7f82cee9b5d0a6790ec8

Score
10/10
redlinecheatinfostealer

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

109.206.241.81:55527

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pack\AcAoB.exe
    "C:\Users\Admin\AppData\Local\Temp\pack\AcAoB.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1956-54-0x0000000000370000-0x000000000038E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1956-55-0x0000000075CD1000-0x0000000075CD3000-memory.dmp

    Filesize

    8KB

    Download