Overview

overview

10

Static

static

10

1920-149-0...ry.exe

windows7-x64

10

1920-149-0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    28s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2023 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1920-149-0x0000000002300000-0x0000000002344000-memory.exe

  • Size

    272KB

  • MD5

    2f0479d21adb216f681b6388cc202f54

  • SHA1

    aa0e9832d41ab5932a52dd5d2ef182f331f26cf2

  • SHA256

    f25c8679496d5d81f8f187057cd57af012511b892391115d97ae876feba7ff3a

  • SHA512

    1416623f06fdaeac08f9f5582e98c343f3c14772902d35a3be800199bbc278dd4921f427e5d3959b3305ab32f81c8976bd95527e69ad2c126047e04aa50951f7

  • SSDEEP

    3072:Q6jIELf6FDTCjhnTzO6w/et1WuDCvgxo40TnCch36nycRt7fwxNn2pU9f2MKTV/C:Q6jocuVe3W8Y2chqnycP

Score
10/10
redlinesonyinfostealer

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1920-149-0x0000000002300000-0x0000000002344000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\1920-149-0x0000000002300000-0x0000000002344000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1136-54-0x0000000000ED0000-0x0000000000F14000-memory.dmp

    Filesize

    272KB

    Download