Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    295s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/11/2022, 08:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318.exe

  • Size

    2.4MB

  • MD5

    8d73bd6de1591619bba27542933ee911

  • SHA1

    00e5657de6feb4bfee3489e564d9605da5f3202e

  • SHA256

    23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318

  • SHA512

    118892feb5c5b6aeb2bd7881492fb23bbf509a96e067907931231799ad703362531f34192fef6507ceeab0521ef8e3ec96c8c8e901ee7b77b5e00f2e3b5f4374

  • SSDEEP

    24576:J3ZIOaY2Ytzmq4mMdmo6erlHa16JNotj2PV4o5iY3CBLHLKKOmZUl3RuQ55313T:pZICslNotKdViY3CBLH8l3p

Score
10/10
redline@forumaninfostealer

Malware Config

Extracted

Family

redline

Botnet

@foruman

C2

185.106.92.226:40788

Attributes
  • auth_value

    bd15c39173a26033961a0c806b2b4684

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318.exe
    "C:\Users\Admin\AppData\Local\Temp\23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3080
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:150012

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3080-120-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-121-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-122-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-119-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-125-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-124-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-126-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-123-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3080-135-0x0000000000400000-0x0000000000560000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/150012-127-0x0000000000400000-0x0000000000420000-memory.dmp

            Filesize

            128KB

            Download

          • memory/150012-137-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-138-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-136-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-141-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-144-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-146-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-148-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-149-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-147-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-145-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-150-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-143-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-140-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-134-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-133-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-151-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-153-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-152-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-154-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-155-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-158-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-157-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-156-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-160-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-159-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-161-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-162-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-163-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-164-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-165-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-168-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-167-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-169-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-170-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-171-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-172-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-174-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-176-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-177-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-175-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-173-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-178-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-179-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-181-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-180-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-182-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-185-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-187-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-186-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-184-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-183-0x0000000077480000-0x000000007760E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/150012-190-0x0000000008DD0000-0x0000000008DE2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/150012-189-0x0000000009340000-0x0000000009946000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/150012-191-0x0000000008F00000-0x000000000900A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/150012-194-0x0000000008E30000-0x0000000008E6E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/150012-196-0x0000000008E70000-0x0000000008EBB000-memory.dmp

            Filesize

            300KB

            Download