Overview

overview

10

Static

static

1

1a90749990...1a.exe

windows7-x64

10

1a90749990...1a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-02-2023 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a90749990cd53ca3fced5acfaeefb1a.exe

  • Size

    5.3MB

  • MD5

    1a90749990cd53ca3fced5acfaeefb1a

  • SHA1

    ae7c12d6de1dc97973d0c23eec9f20ba6d04ec84

  • SHA256

    923ee449cd1680cb74fd41c785688e0974c6912da0ce37e7decd79b7af544d79

  • SHA512

    f8c5a7e8de54add19fc69a16cb799b4adb7fa6a40787224fd51d41d9bf79250902af0d2e95e9abde9d5eee3c261ba9dfe110ea4b43848e442cfe4cd1bfddffbb

  • SSDEEP

    12288:KhefaqG4yPa3Pj67yz8t2+1ZpyN2uVA4yOQ6jEu06Fy2Mxzo3:0eSqG4yPafmN9yNBqT364u06F0xM

Score
10/10
redline03.02.23infostealer

Malware Config

Extracted

Family

redline

Botnet

03.02.23

C2

188.127.227.25:6714

Attributes
  • auth_value

    2cf638fe716dc2686fde58759ab8a963

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe
    "C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe
      "C:\Users\Admin\AppData\Local\Temp\1a90749990cd53ca3fced5acfaeefb1a.exe"
      2⤵
        PID:916

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/916-138-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/916-139-0x00000000052E0000-0x00000000058F8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/916-140-0x0000000004E60000-0x0000000004F6A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/916-141-0x0000000004D90000-0x0000000004DA2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/916-142-0x0000000004DF0000-0x0000000004E2C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4940-132-0x0000000000440000-0x0000000000508000-memory.dmp

      Filesize

      800KB

      Download

    • memory/4940-133-0x0000000005480000-0x0000000005A24000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4940-134-0x0000000004ED0000-0x0000000004F62000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4940-135-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4940-136-0x00000000070D0000-0x000000000716C000-memory.dmp

      Filesize

      624KB

      Download