Overview

overview

10

Static

static

10

28a4fc89b3...fe.exe

windows7-x64

10

28a4fc89b3...fe.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2022 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe.exe

  • Size

    137KB

  • MD5

    9ce85f8a89b702a06139ca95944129b8

  • SHA1

    d01e8c03db4211ecfda44ad5e14914c45d302116

  • SHA256

    28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe

  • SHA512

    37409439b0737d527a98d01173c2f2af7019ba8fa0e111e9c7ed2bbbbd5bc0d9d088cd6835d6fbc2bdfb9d07ac73d48b4d4d44a0bed78383b30d7d68b3c7a73b

  • SSDEEP

    3072:1YO/ZMTFXXuIQj/9t1egQ+5zV4DF7yRXjh/SSw/:1YMZMBXXuIQf1xQ3MBjh

Score
10/10
redline1infostealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

80.76.51.172:19241

Attributes
  • auth_value

    4b711fa6f9a5187b40500266349c0baf

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe.exe
    "C:\Users\Admin\AppData\Local\Temp\28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe.exe"
    1⤵
      PID:5028

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5028-135-0x0000000000720000-0x0000000000748000-memory.dmp
      Filesize

      160KB

      Download
    • memory/5028-136-0x0000000005C40000-0x0000000006258000-memory.dmp
      Filesize

      6.1MB

      Download
    • memory/5028-137-0x0000000007750000-0x000000000785A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/5028-138-0x0000000007640000-0x0000000007652000-memory.dmp
      Filesize

      72KB

      Download
    • memory/5028-139-0x00000000076A0000-0x00000000076DC000-memory.dmp
      Filesize

      240KB

      Download