Overview

overview

10

Static

static

10

2024-113-0...ry.exe

windows7-x64

10

2024-113-0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-02-2023 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-113-0x00000000020C0000-0x0000000002104000-memory.exe

  • Size

    272KB

  • MD5

    26c05aee7e106bc5bb1f0de468bf4717

  • SHA1

    15c31308a3bfd6cf99043676e576fd1f99dd7c68

  • SHA256

    ca5a49a9df721621b9441f5e015f4ca764b3d0874b5aafc5d32a66bbe161733f

  • SHA512

    1018d88d03375da58bbf12c4cdeedf2ecd82b79561f6e674f232a3f6e20f34c4c950eb0d9977ef9143c1aeeac4adc9a5d5caf191bea3c2cf416ae2cdf211df34

  • SSDEEP

    3072:p6j4ELH6Vt7CENpmh6sLKR+utY/edHbpiWo40mTJghm0nlQoYKgQmExNn2pU9f2O:p6jgppZsLKwuAexbpZghdnlQH5Q

Score
10/10
redlineromikinfostealer

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-113-0x00000000020C0000-0x0000000002104000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-113-0x00000000020C0000-0x0000000002104000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4964-132-0x00000000004D0000-0x0000000000514000-memory.dmp

    Filesize

    272KB

    Download