Analysis
max time kernel: 135s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-11-2022 14:31
Behavioral task: behavioral1
Sample: 28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe.exe
Resource: win10v2004-20220901-en
General
Target: 28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe.exe
Size: 137KB
MD5: 9ce85f8a89b702a06139ca95944129b8
SHA1: d01e8c03db4211ecfda44ad5e14914c45d302116
SHA256: 28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe
SHA512: 37409439b0737d527a98d01173c2f2af7019ba8fa0e111e9c7ed2bbbbd5bc0d9d088cd6835d6fbc2bdfb9d07ac73d48b4d4d44a0bed78383b30d7d68b3c7a73b
SSDEEP: 3072:1YO/ZMTFXXuIQj/9t1egQ+5zV4DF7yRXjh/SSw/:1YMZMBXXuIQf1xQ3MBjh
Malware Config
Extracted: redline
Botnet: 1
C2: 80.76.51.172:19241
auth_value: 4b711fa6f9a5187b40500266349c0baf
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoCs)
Processes:
resource: behavioral2/memory/5028-135-0x0000000000720000-0x0000000000748000-memory.dmp
yara_rule: family_redline
Downloads
memory/5028-135-0x0000000000720000-0x0000000000748000-memory.dmp  Filesize: 160KB
memory/5028-136-0x0000000005C40000-0x0000000006258000-memory.dmp  Filesize: 6.1MB
memory/5028-137-0x0000000007750000-0x000000000785A000-memory.dmp  Filesize: 1.0MB
memory/5028-138-0x0000000007640000-0x0000000007652000-memory.dmp  Filesize: 72KB
memory/5028-139-0x00000000076A0000-0x00000000076DC000-memory.dmp  Filesize: 240KB