redline | 7492380e2ce0aa0eb48e74fbea75227057fdc264a6540327cdb1689c5d49f18c | Triage

Submit
Reports

Overview

overview

Static

static

a18f6cf520...fd.exe

windows7-x64

a18f6cf520...fd.exe

windows10-2004-x64

Analysis

max time kernel
141s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 11:39

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a18f6cf520e6789de67b030aa1a1ee4a625688b1ea956e07001d71e7dccc92fd.exe

Resource

win7-20230220-en

redline amazon infostealer

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

a18f6cf520e6789de67b030aa1a1ee4a625688b1ea956e07001d71e7dccc92fd.exe

Resource

win10v2004-20230220-en

redline amazon infostealer

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

a18f6cf520e6789de67b030aa1a1ee4a625688b1ea956e07001d71e7dccc92fd.exe
Size

337KB
MD5

683e329bc5b4fa71056f9ce6de0b50f9
SHA1

cfd1bc6574b112cbb4e5e572242b7fb341f7459c
SHA256

a18f6cf520e6789de67b030aa1a1ee4a625688b1ea956e07001d71e7dccc92fd
SHA512

19aafd110f267ade2c7ca8f872f1e4e27a398ab821937f241c6fb80d2f1e68bbb6ff2a67eeedd63e90f754f2bad37ebd967f4060ba16fd52c75a383f9505b478
SSDEEP

6144:HRY/IwBjjd6Mn2rm2X1Nl2eQ5iHCGcgTjRjI36fQWfva3RJB4i6R0wjnH:OR6gwAgHCGcgTjRjI36fQWfva3RJB4ia

Score

10^/10

redline amazon infostealer

Malware Config

Extracted

Family

redline

Botnet

amazon

C2

185.156.72.48:26464

Attributes

auth_value
9132ba0b711dcd3607fc18072ecd46ef

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Processes

C:\Users\Admin\AppData\Local\Temp\a18f6cf520e6789de67b030aa1a1ee4a625688b1ea956e07001d71e7dccc92fd.exe
"C:\Users\Admin\AppData\Local\Temp\a18f6cf520e6789de67b030aa1a1ee4a625688b1ea956e07001d71e7dccc92fd.exe"
1⤵
PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2152-133-0x0000000000B10000-0x0000000000B6A000-memory.dmp

Filesize
360KB

Download
memory/2152-134-0x000000000B900000-0x000000000BF18000-memory.dmp

Filesize
6.1MB

Download
memory/2152-135-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2152-136-0x000000000D2D0000-0x000000000D3DA000-memory.dmp

Filesize
1.0MB

Download
memory/2152-137-0x000000000D1E0000-0x000000000D1F2000-memory.dmp

Filesize
72KB

Download
memory/2152-138-0x000000000D240000-0x000000000D27C000-memory.dmp

Filesize
240KB

Download
memory/2152-139-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download

© 2018-2024

Terms | Privacy