Overview

overview

10

Static

static

10

528-101-0x...ry.exe

windows7-x64

10

528-101-0x...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15/02/2023, 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    528-101-0x0000000004BE0000-0x0000000004C24000-memory.exe

  • Size

    272KB

  • MD5

    5552a688d005ca6fc2b347e991b7f05b

  • SHA1

    fc14242f8a4626b03a9ecc3481f83913d00e3766

  • SHA256

    4c043fa3d908b7a1bdfc091920e279b92c8f032def449a88a0211f65f8d59a83

  • SHA512

    d96b93f86aac8a8b71828c83b0f3faf928ce27607d1b585d70749feadeeec51acefb651b653be9615bc5a95c2664637fb4710616c1dbfe38f4bfe9eca0e23d2d

  • SSDEEP

    3072:B6jIELf6FDTCLkYxJw6qxYgcgpiiSo40jm8dAhTrnz5XD1NxNn2pU9f2MKTV/wi9:B6jodYx9cYKpzwAAh3nzZi

Score
10/10
redlinerumainfostealer

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\528-101-0x0000000004BE0000-0x0000000004C24000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\528-101-0x0000000004BE0000-0x0000000004C24000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1728-54-0x0000000000AF0000-0x0000000000B34000-memory.dmp

    Filesize

    272KB

    Download