Overview

overview

10

Static

static

10

544-58-0x0...ry.exe

windows7-x64

10

544-58-0x0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/09/2022, 10:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    544-58-0x0000000002060000-0x000000000209C000-memory.exe

  • Size

    240KB

  • MD5

    ab1ec30109a1379a0e3f74f611930d62

  • SHA1

    08f47591c44b01f3cb068f194708fe6b940fa612

  • SHA256

    2e0d54c8a3b38df830678984670ea90b1b4bdf0795ba67f834bb711741cdaa43

  • SHA512

    0e557e1d317a3fe2b074491216339417531c346f4d2b162466ab854fddf93da2c3eebb577434e9e099f8674691dcee2037367346daa5d949c69f13d2004998e1

  • SSDEEP

    3072:ojqTLQenQRonR7at62qaptH9RMVBw+0JOztoe/id8ohWAOubuAfS:ojq/Go4t62DB9RMV5lohX

Score
10/10
redline2dwrkinfostealer

Malware Config

Extracted

Family

redline

Botnet

2dwrK

C2

solpolas.com:8721

Attributes
  • auth_value

    70bdec8a6482631576e0f19c8c594e7b

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\544-58-0x0000000002060000-0x000000000209C000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\544-58-0x0000000002060000-0x000000000209C000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4500

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4500-132-0x0000000000790000-0x00000000007CC000-memory.dmp

          Filesize

          240KB

          Download