Analysis
max time kernel: 27s
max time network: 30s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 18-05-2023 13:40
Behavioral task: behavioral1
Sample: 0x000800000001233d116.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 0x000800000001233d116.exe
Resource: win10v2004-20230220-en
General
Target: 0x000800000001233d116.exe
Size: 145KB
MD5: 3bd293f5ee0b3ae7a4b5fd3bb5800ca3
SHA1: 253b2dcf1d180ea00f7e065a35d28cd5eadd439a
SHA256: 33e068a88673ad01e03ef2fb6bc63241a11acf5785402a6697cb9518266503a7
SHA512: 2350d4d2bdbb1b1b74b3d10077d178d450b7cf5e7e9583bcc4b65cb130fbbfc181ce8b186a5fe062243eb43ea1f7b57d3dbb2c02560e5d853d174e57f7ee6e6d
SSDEEP: 3072:yV+m5cZQmRSJyq2G7z+Ued26U+QEThhZ98e8h4:yjcWnC1PCEThhH
Malware Config
Extracted
Family: redline
luka
C2: 185.161.248.75:4132
auth_value: 44560bcd37d6bf076da309730fdb519a
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Program crash (1 IoC)
Processes:
  process      | pid | target pid | target process
  WerFault.exe | 940 | 1724       | 0x000800000001233d116.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                     | pid  | process                   | target process
  PID 1724 wrote to memory of 940 | 1724 | 0x000800000001233d116.exe | WerFault.exe
  PID 1724 wrote to memory of 940 | 1724 | 0x000800000001233d116.exe | WerFault.exe
  PID 1724 wrote to memory of 940 | 1724 | 0x000800000001233d116.exe | WerFault.exe
  PID 1724 wrote to memory of 940 | 1724 | 0x000800000001233d116.exe | WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1724-54-0x0000000000810000-0x000000000083A000-memory.dmp (Filesize: 168KB)