Overview

overview

10

Static

static

10

1828-110-0...ry.exe

windows7-x64

10

1828-110-0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2023, 10:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1828-110-0x0000000002430000-0x0000000002474000-memory.exe

  • Size

    272KB

  • MD5

    2c55e14c57cd7d4c454e56234a04e3f7

  • SHA1

    cf9ebb37fa6f8e653b54d6caa06c6c431febe6ae

  • SHA256

    d09b86247c0c1c485dde8f317c8a400f36b8614455b651c89db9150db69ec3bc

  • SHA512

    017ec74b36063b0706d8fbb90e5f33a25c3933a494a609d1c787e8726489f7ce4d1100f496f138412278ebe1e76e115b116dfe5ae76fb494a075e5a6c9a25d53

  • SSDEEP

    3072:p6j4ELH6Vt7CENpmh6sLKR+utY/edHbpiWo40mTJghm0nlQoYKgQmExNn2pU9f2I:p6jgppZsLKwuAexbpZghdnlQH5QUYhR

Score
10/10
redlineromikinfostealer

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1828-110-0x0000000002430000-0x0000000002474000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\1828-110-0x0000000002430000-0x0000000002474000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1916

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1916-54-0x0000000001250000-0x0000000001294000-memory.dmp

          Filesize

          272KB

          Download