Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    280s
  • max time network
    291s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-11-2022 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a.exe

  • Size

    2.5MB

  • MD5

    e96cdd6f709cd297f564f484eeb11a07

  • SHA1

    5bd8029febd8d0298d9a178a3b44eeee1a3ef8e2

  • SHA256

    bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a

  • SHA512

    1391123138bf45e2f82f29912b788a0f1b38779e03ca72a502ad6e77300d399b910cc707081379e3c4752a85afe8a4a8c3b2a4dac6a7ba222682d10a37b70790

  • SSDEEP

    24576:D5HTB8YsP7YAY2gtlHC3MhJdIKH2GEhb6Lsfuo4N8fVxLORl3RuQ55313c:DNBrsbOiuo4N8fVxyl3y

Score
10/10
redlineredlineinfostealer

Malware Config

Extracted

Family

redline

Botnet

Redline

C2

185.186.142.127:6737

Attributes
  • auth_value

    79885e811fa97fd37687d3b2613976a8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a.exe
    "C:\Users\Admin\AppData\Local\Temp\bfb45ea621467d1d864fdccdd627633b807004b099c11067917d38aa4f31b95a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:196932

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2580-120-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-121-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-122-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-123-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-124-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-125-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-126-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2580-127-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-128-0x0000000000190000-0x00000000001B0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/196932-133-0x00000000001AB50E-mapping.dmp
      Download
    • memory/196932-134-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-135-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-136-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-137-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-138-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-140-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-141-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-143-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-144-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-145-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-146-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-147-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-148-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-149-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-150-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-151-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-152-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-153-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-154-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-155-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-156-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-158-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-157-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-159-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-160-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-161-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-162-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-163-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-164-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-165-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-167-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-168-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-169-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-170-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-171-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-172-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-173-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-174-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-175-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-176-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-177-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-178-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-179-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-180-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-181-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-182-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-183-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-184-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-185-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-186-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-187-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/196932-189-0x0000000009060000-0x0000000009666000-memory.dmp
      Filesize

      6.0MB

      Download
    • memory/196932-190-0x00000000011B0000-0x00000000011C2000-memory.dmp
      Filesize

      72KB

      Download
    • memory/196932-191-0x0000000008A50000-0x0000000008B5A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/196932-194-0x0000000001210000-0x000000000124E000-memory.dmp
      Filesize

      248KB

      Download
    • memory/196932-196-0x0000000001250000-0x000000000129B000-memory.dmp
      Filesize

      300KB

      Download