Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/05/2023, 20:27

General

  • Target

    0x000800000001231c-116.exe

  • Size

    145KB

  • MD5

    c80c3d6835654767bd946debfb37b929

  • SHA1

    ef01aba7ec06fbc0e55da2077b258d60946c73da

  • SHA256

    df21bfd618ef135c5cf9c1d65212dccf19a0264d378a7ff14488f067b5f97bbd

  • SHA512

    330e2a0d8524296cd1dbfbf2bd423fd41f52261c2151a4590c8715f48c2df5996acad559ee0d1c68f1944dcb199f78ec9aaa1f756c56103586f256389d6fa3ad

  • SSDEEP

    3072:oV+m5czQmRS9Ynk5QXNhhRbG5h5Zx8e8h/:ojKtM5h5b

Malware Config

Extracted

Family

redline

Botnet

luza

C2

185.161.248.37:4138

Attributes
  • auth_value

    1261701914d508e02e8b4f25d38bc7f9

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000800000001231c-116.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000800000001231c-116.exe"
    PID: 816


    Downloads

    • memory/816-54-0x0000000000E70000-0x0000000000E9A000-memory.dmp

      Filesize

      168KB

    • memory/816-55-0x0000000004A90000-0x0000000004AD0000-memory.dmp

      Filesize

      256KB

    • memory/816-56-0x0000000004A90000-0x0000000004AD0000-memory.dmp

      Filesize

      256KB