Overview

overview

10

Static

static

1

4493hvqJun...Hd.exe

windows7-x64

10

4493hvqJun...Hd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2023, 15:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4493hvqJuniILmZeHYaqmrTWsgHd.exe

  • Size

    14.4MB

  • MD5

    6b0cd578e48d14ee52881cd8848c1d6f

  • SHA1

    2c181b10930567a7ec806a2b3289b58bba705547

  • SHA256

    3377ef220da5410f08f344b05e0478492960a238e51055495f0112f3207f2ab5

  • SHA512

    7cc7a6a1980d9a189807cd1e3556516d91f28ca88156caeb2247fe87ce36821823730638dfb59df1c018417af0ea26b91cb6d9fbe4714320e5d6770a697721fb

  • SSDEEP

    196608:Ql4lapsb2FYXSRUTuNAPqZcrG1IniBEj+9wf6JM7I:

Score
10/10
redlinetestjpg01infostealer

Malware Config

Extracted

Family

redline

Botnet

TestJPG01

C2

77.73.134.70:33110

Attributes
  • auth_value

    c4a14a459f67a23ecce5de88122c2b28

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4493hvqJuniILmZeHYaqmrTWsgHd.exe
    "C:\Users\Admin\AppData\Local\Temp\4493hvqJuniILmZeHYaqmrTWsgHd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Users\Admin\AppData\Local\Temp\4493hvqJuniILmZeHYaqmrTWsgHd.exe
      "C:\Users\Admin\AppData\Local\Temp\4493hvqJuniILmZeHYaqmrTWsgHd.exe"
      2⤵
        PID:932

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/912-54-0x0000000000380000-0x00000000011F2000-memory.dmp

            Filesize

            14.4MB

            Download

          • memory/912-55-0x0000000001480000-0x000000000149C000-memory.dmp

            Filesize

            112KB

            Download

          • memory/932-56-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-57-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-58-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-59-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-61-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-62-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-60-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/932-66-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-69-0x00000000000C0000-0x0000000000106000-memory.dmp

            Filesize

            280KB

            Download

          • memory/932-70-0x0000000002DD0000-0x0000000002E10000-memory.dmp

            Filesize

            256KB

            Download

          • memory/932-71-0x0000000002DD0000-0x0000000002E10000-memory.dmp

            Filesize

            256KB

            Download