Overview

overview

10

Static

static

1

1a90749990...1a.exe

windows7-x64

10

1a90749990...1a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    15/02/2023, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a90749990cd53ca3fced5acfaeefb1a.exe

  • Size

    5.3MB

  • MD5

    1a90749990cd53ca3fced5acfaeefb1a

  • SHA1

    ae7c12d6de1dc97973d0c23eec9f20ba6d04ec84

  • SHA256

    923ee449cd1680cb74fd41c785688e0974c6912da0ce37e7decd79b7af544d79

  • SHA512

    f8c5a7e8de54add19fc69a16cb799b4adb7fa6a40787224fd51d41d9bf79250902af0d2e95e9abde9d5eee3c261ba9dfe110ea4b43848e442cfe4cd1bfddffbb

  • SSDEEP

    12288:KhefaqG4yPa3Pj67yz8t2+1ZpyN2uVA4yOQ6jEu06Fy2Mxzo3:0eSqG4yPafmN9yNBqT364u06F0xM

Score
10/10
redline03.02.23infostealer

Malware Config

Extracted

Family

redline

Botnet

03.02.23

C2

188.127.227.25:6714

Attributes
  • auth_value

    2cf638fe716dc2686fde58759ab8a963

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe
    "C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe
      "C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe"
      2⤵
        PID:1468

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1468-65-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1468-71-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1468-61-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1468-66-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1468-60-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1468-63-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1468-69-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1780-55-0x0000000075991000-0x0000000075993000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1780-54-0x0000000000E30000-0x0000000000EF8000-memory.dmp

      Filesize

      800KB

      Download

    • memory/1780-59-0x0000000000E00000-0x0000000000E32000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1780-58-0x0000000005DA0000-0x0000000005E00000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1780-57-0x00000000003E0000-0x00000000003EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1780-56-0x0000000000390000-0x00000000003A4000-memory.dmp

      Filesize

      80KB

      Download