Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/05/2023, 21:20

General

  • Target
    0x00070000000134bf-116.exe
  • Size
    145KB
  • MD5
    e7c2d909539016398eb23891da49660f
  • SHA1
    18e8d3028842a362c740728d3ade34be17d32b6f
  • SHA256
    2180366c11e785e388e7af42a12f7310ba130067f632b9fe83d91f2a301f2be1
  • SHA512
    77d6b3cb164dddd0b8709594ff56d65cf591553151dcbbe10bb5385bebf8aa4cc6314b9728822d2a7a16ceafda475229c9e7c9e64d3de54a2c81dfdba528d16a
  • SSDEEP
    1536:o2BGlTP+mZP61sEYDmRSNIgcscLDuRwH77+u8oxQKHbuxGBNM740wuei/Qv+R+Fn:6V+m5cvQmRSN90+82iTi74h9ZF8e8hU

Malware Config

Extracted

  • Family
    redline
  • Botnet
    mixa
  • C2
    185.161.248.37:4138
  • Attributes
    auth_value: 9d14534b25ac495ab25b59800acf3bb2

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00070000000134bf-116.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00070000000134bf-116.exe"
    PID: 1384

Downloads

  • memory/1384-54-0x0000000000E50000-0x0000000000E7A000-memory.dmp
    Filesize
    168KB
  • memory/1384-55-0x0000000004A10000-0x0000000004A50000-memory.dmp
    Filesize
    256KB
  • memory/1384-56-0x0000000004A10000-0x0000000004A50000-memory.dmp
    Filesize
    256KB