Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
16-11-2022 17:26
General
-
Target
45cd9f707a0d3ea09cad776bd662e86bf227b3ed807888ec4d9aa34694a391c0.exe
-
Size
440KB
-
MD5
4036b4bb539caeffec638607e50ec42a
-
SHA1
2ed35febc646215c45bf77da2709fc5f973bb821
-
SHA256
45cd9f707a0d3ea09cad776bd662e86bf227b3ed807888ec4d9aa34694a391c0
-
SHA512
83601363f7370c64a97f6f88864b851b19f5b2b2ec43b6415a427cf2cc13e6795c20145f0403a616b990b6498eabd78533494151a310edbe64da76a1d836373b
-
SSDEEP
6144:oCI3LIboOXlX7i1cNQvlOeWggXP0I2iynFKe+4tVHyEn2E1a:oCS8boOXh7i+NQNCggXsPnnoCtYUv
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
neruz
C2
193.106.191.27:47242
Attributes
-
auth_value
0169a8759f3c9be473f782b96a6ff704
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45cd9f707a0d3ea09cad776bd662e86bf227b3ed807888ec4d9aa34694a391c0.exe"C:\Users\Admin\AppData\Local\Temp\45cd9f707a0d3ea09cad776bd662e86bf227b3ed807888ec4d9aa34694a391c0.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1048-54-0x0000000000A48000-0x0000000000A7F000-memory.dmpFilesize
220KB
-
memory/1048-56-0x0000000000220000-0x0000000000279000-memory.dmpFilesize
356KB
-
memory/1048-55-0x0000000000A48000-0x0000000000A7F000-memory.dmpFilesize
220KB
-
memory/1048-57-0x0000000000400000-0x0000000000871000-memory.dmpFilesize
4.4MB
-
memory/1048-58-0x00000000009A0000-0x00000000009EC000-memory.dmpFilesize
304KB
-
memory/1048-59-0x00000000026A0000-0x00000000026EA000-memory.dmpFilesize
296KB
-
memory/1048-60-0x00000000759F1000-0x00000000759F3000-memory.dmpFilesize
8KB
-
memory/1048-61-0x0000000000A48000-0x0000000000A7F000-memory.dmpFilesize
220KB