Overview

overview

10

Static

static

10

2024-113-0...ry.exe

windows7-x64

10

2024-113-0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    35s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2023, 07:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-113-0x00000000020C0000-0x0000000002104000-memory.exe

  • Size

    272KB

  • MD5

    26c05aee7e106bc5bb1f0de468bf4717

  • SHA1

    15c31308a3bfd6cf99043676e576fd1f99dd7c68

  • SHA256

    ca5a49a9df721621b9441f5e015f4ca764b3d0874b5aafc5d32a66bbe161733f

  • SHA512

    1018d88d03375da58bbf12c4cdeedf2ecd82b79561f6e674f232a3f6e20f34c4c950eb0d9977ef9143c1aeeac4adc9a5d5caf191bea3c2cf416ae2cdf211df34

  • SSDEEP

    3072:p6j4ELH6Vt7CENpmh6sLKR+utY/edHbpiWo40mTJghm0nlQoYKgQmExNn2pU9f2O:p6jgppZsLKwuAexbpZghdnlQH5Q

Score
10/10
redlineromikinfostealer

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-113-0x00000000020C0000-0x0000000002104000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-113-0x00000000020C0000-0x0000000002104000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1668

Network

    No results found
  • 204.79.197.200:443
    40 B
     1
  • 117.18.237.29:80
    46 B
     40 B
     1
    1
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1668-54-0x0000000000320000-0x0000000000364000-memory.dmp

    Filesize

    272KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.