Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    272s
  • max time network
    286s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2022 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a.exe

  • Size

    2.5MB

  • MD5

    e96cdd6f709cd297f564f484eeb11a07

  • SHA1

    5bd8029febd8d0298d9a178a3b44eeee1a3ef8e2

  • SHA256

    bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a

  • SHA512

    1391123138bf45e2f82f29912b788a0f1b38779e03ca72a502ad6e77300d399b910cc707081379e3c4752a85afe8a4a8c3b2a4dac6a7ba222682d10a37b70790

  • SSDEEP

    24576:D5HTB8YsP7YAY2gtlHC3MhJdIKH2GEhb6Lsfuo4N8fVxLORl3RuQ55313c:DNBrsbOiuo4N8fVxyl3y

Score
10/10
redlineredlineinfostealer

Malware Config

Extracted

Family

redline

Botnet

Redline

C2

185.186.142.127:6737

Attributes
  • auth_value

    79885e811fa97fd37687d3b2613976a8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a.exe
    "C:\Users\Admin\AppData\Local\Temp\bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:191324

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/191324-56-0x0000000000400000-0x0000000000420000-memory.dmp
      Filesize

      128KB

      Download
    • memory/191324-54-0x0000000000400000-0x0000000000420000-memory.dmp
      Filesize

      128KB

      Download
    • memory/191324-61-0x000000000041B50E-mapping.dmp
      Download
    • memory/191324-63-0x0000000000400000-0x0000000000420000-memory.dmp
      Filesize

      128KB

      Download
    • memory/191324-62-0x0000000000400000-0x0000000000420000-memory.dmp
      Filesize

      128KB

      Download
    • memory/191324-64-0x0000000075FC1000-0x0000000075FC3000-memory.dmp
      Filesize

      8KB

      Download