Overview

overview

10

Static

static

10

038f62be77...93.exe

windows7-x64

10

038f62be77...93.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    038f62be77cd59199a6ed8fce8686d93.exe

  • Size

    95KB

  • MD5

    038f62be77cd59199a6ed8fce8686d93

  • SHA1

    f9f0748d73b56a0f3423a0cd82ece170e7825ac4

  • SHA256

    25859ba3aba160a006626908aef75f504e5e6bc04bd7b518bbe35f3ef002b42d

  • SHA512

    a1dde768b76c9dc5cd6333e33f1b2a8c2f65fc013f3e16c437df219ef008a6f0dbbe72c442c563c81702620af93c86b20af19e2ec1f4e61c43aa8b23f53889ad

  • SSDEEP

    1536:Bqs0FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed2itmulgS6pUl:v0RclyY7+zi0ZbYe1g0ujyzdWU

Score
10/10
redlinemaininfostealer

Malware Config

Extracted

Family

redline

Botnet

main

C2

45.15.157.9:4228

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\038f62be77cd59199a6ed8fce8686d93.exe
    "C:\Users\Admin\AppData\Local\Temp\038f62be77cd59199a6ed8fce8686d93.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3516-132-0x0000000000040000-0x000000000005E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/3516-133-0x00000000050C0000-0x0000000005664000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/3516-134-0x0000000005C90000-0x00000000062A8000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/3516-135-0x0000000004BD0000-0x0000000004C62000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3516-136-0x0000000004B70000-0x0000000004B82000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3516-137-0x0000000004CB0000-0x0000000004CEC000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3516-138-0x0000000007510000-0x000000000761A000-memory.dmp
    Filesize

    1.0MB

    Download