Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18-05-2023 13:40

General

  • Target

    0x000800000001233d116.exe

  • Size

    145KB

  • MD5

    3bd293f5ee0b3ae7a4b5fd3bb5800ca3

  • SHA1

    253b2dcf1d180ea00f7e065a35d28cd5eadd439a

  • SHA256

    33e068a88673ad01e03ef2fb6bc63241a11acf5785402a6697cb9518266503a7

  • SHA512

    2350d4d2bdbb1b1b74b3d10077d178d450b7cf5e7e9583bcc4b65cb130fbbfc181ce8b186a5fe062243eb43ea1f7b57d3dbb2c02560e5d853d174e57f7ee6e6d

  • SSDEEP

    3072:yV+m5cZQmRSJyq2G7z+Ued26U+QEThhZ98e8h4:yjcWnC1PCEThhH

Malware Config

Extracted

Family

redline

Botnet

luka

C2

185.161.248.75:4132

Attributes
  • auth_value

    44560bcd37d6bf076da309730fdb519a

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000800000001233d116.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000800000001233d116.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 504
      2⤵
      • Program crash
      PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-54-0x0000000000810000-0x000000000083A000-memory.dmp
    Filesize

    168KB