Overview

overview

10

Static

static

1

1311ae8c47...2a.exe

windows7-x64

10

1311ae8c47...2a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2023 11:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1311ae8c477333e6367514ed725342a47cfaeea6da0c5c0ef15ee6128087cc2a.exe

  • Size

    286KB

  • MD5

    b25b9825c978e8ae9b9181be6086da23

  • SHA1

    cbb0ba2a1101e0d2691144352467f79e7f6dafdb

  • SHA256

    1311ae8c477333e6367514ed725342a47cfaeea6da0c5c0ef15ee6128087cc2a

  • SHA512

    c34ffcf6a56e9bee341aaed0ba33b8924f0e30acc7acf479c87f13dfadae3baa3532f8e9cc57bcc3b053d90a851615f98ce0678a8a74d507f102618f0d4c321f

  • SSDEEP

    6144:DuXWQuk4c8ARD+Ns8J0vgyt6cgRee5C0K:DiJuk45ARD20vgm6psn

Score
10/10
redlinedozkinfostealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 33 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1311ae8c477333e6367514ed725342a47cfaeea6da0c5c0ef15ee6128087cc2a.exe
    "C:\Users\Admin\AppData\Local\Temp\1311ae8c477333e6367514ed725342a47cfaeea6da0c5c0ef15ee6128087cc2a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5088-134-0x0000000004DB0000-0x0000000005354000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/5088-135-0x0000000002310000-0x0000000002372000-memory.dmp
    Filesize

    392KB

    Download
  • memory/5088-137-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-136-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-138-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-139-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-140-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-142-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-144-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-146-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-148-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-150-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-152-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-154-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-156-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-158-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-160-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-162-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-164-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-166-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-168-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-170-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-172-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-174-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-176-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-178-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-180-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-182-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-184-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-186-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-188-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-190-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-192-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-194-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-196-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-198-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-200-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-202-0x0000000004CF0000-0x0000000004D42000-memory.dmp
    Filesize

    328KB

    Download
  • memory/5088-930-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-931-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-932-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-933-0x0000000005360000-0x0000000005978000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/5088-935-0x00000000059B0000-0x00000000059C2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/5088-936-0x00000000059D0000-0x0000000005ADA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/5088-937-0x0000000005AE0000-0x0000000005B1C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/5088-938-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5088-940-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
    Filesize

    64KB

    Download