Analysis
-
max time kernel
132s -
max time network
158s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
29-01-2023 17:52
General
-
Target
c9336bcd57afe25d3742b0f0ef489784b81f9c12e289a0f6223b4de29fd5f949.exe
-
Size
368KB
-
MD5
5440f766a474d152cafa52f1523b6d08
-
SHA1
5c5ced856aab135b6e747b204a59ba54a5af1e7c
-
SHA256
c9336bcd57afe25d3742b0f0ef489784b81f9c12e289a0f6223b4de29fd5f949
-
SHA512
36d2d92fd2d35342476263c50a2bec8d1230c272a81f556b2f5f6ee2bb8b6255465239a5d57b25b0b04eb4b82b1012e0acbc3a9d2a5f356a4791dba2718fc867
-
SSDEEP
6144:KHiHAEvQb+xCzH+8fER4M2B5B1z85unzsPozDYvfburZMY7pc9M:KCHrIb+xkHrER4MYvzUizS+DYvfyOs+M
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
hack
C2
45.144.31.206:3214
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9336bcd57afe25d3742b0f0ef489784b81f9c12e289a0f6223b4de29fd5f949.exe"C:\Users\Admin\AppData\Local\Temp\c9336bcd57afe25d3742b0f0ef489784b81f9c12e289a0f6223b4de29fd5f949.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2040-54-0x0000000000A08000-0x0000000000A2E000-memory.dmpFilesize
152KB
-
memory/2040-56-0x0000000000230000-0x0000000000262000-memory.dmpFilesize
200KB
-
memory/2040-55-0x0000000000A08000-0x0000000000A2E000-memory.dmpFilesize
152KB
-
memory/2040-57-0x0000000000400000-0x0000000000857000-memory.dmpFilesize
4.3MB
-
memory/2040-58-0x00000000003D0000-0x00000000003F8000-memory.dmpFilesize
160KB
-
memory/2040-59-0x00000000021D0000-0x00000000021F8000-memory.dmpFilesize
160KB
-
memory/2040-60-0x0000000075D61000-0x0000000075D63000-memory.dmpFilesize
8KB
-
memory/2040-61-0x0000000000A08000-0x0000000000A2E000-memory.dmpFilesize
152KB