Overview

overview

10

Static

static

cd2436f1ce...7f.exe

windows7-x64

10

cd2436f1ce...7f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/12/2022, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd2436f1cec484076be83744b0d4e87f.exe

  • Size

    2.4MB

  • MD5

    cd2436f1cec484076be83744b0d4e87f

  • SHA1

    425319f0e8add17e8f430087ba590190dfbf5250

  • SHA256

    5be845902145831466d3b710541d2c5a53cfc50108126c8802b48226e89e1887

  • SHA512

    b465013ef79f6d16dae386c5b05995b3e95167bfdc49363b93679f33e5c46686edf30ce921c6e60aa62526e2c36bf7f529f217a18c496002e028d90306fd9ab1

  • SSDEEP

    24576:pE+5OCYAY49zG/F2Mgeo6erV6X16+vHJrQdPFc3w5TTGgLNMuKbl3RuQ55313b:pN59R8vHJitc3w5TTGgpCl3N

Score
10/10
redline@forceddd_lztinfostealer

Malware Config

Extracted

Family

redline

Botnet

@forceddd_lzt

C2

5.182.36.101:31305

Attributes
  • auth_value

    91ffc3d776bc56b5c410d1adf5648512

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd2436f1cec484076be83744b0d4e87f.exe
    "C:\Users\Admin\AppData\Local\Temp\cd2436f1cec484076be83744b0d4e87f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:144092

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1388-63-0x0000000000400000-0x0000000000560000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/144092-54-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/144092-56-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/144092-62-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/144092-64-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/144092-65-0x0000000075711000-0x0000000075713000-memory.dmp

      Filesize

      8KB

      Download