Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2023 15:58
Behavioral task: behavioral1
Sample: 03869599.exe
Resource: win7-20230220-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 03869599.exe
Resource: win10v2004-20230220-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: 03869599.exe
Size: 172KB
MD5: 90f625382c5bd32462a32c4b6f37e308
SHA1: 4bb6c9fb2f7be1cfe6a4f41bec0feac02fc9ffb8
SHA256: 4b1c4668c48e5ea2dbd9edc8cc9253e3734a796cf75e64a85f28fa70a7aca67f
SHA512: 5741f8bb7e6d090fbbed5e07dd4350ae0f674c7d5d333998a7a43082155688dcbfdb0450f3f25408cbcc2fdf73f52a8f6358b142531272bb2c28af2ebf4af8f0
SSDEEP: 3072:WtDp4vP09bHX9xqLxNcO1BR0H3XWjE8e8hk:WdNWoSyH3XWjE
Score: 10/10
Malware Config
Extracted
Family: redline
Botnet: lupa
C2: 83.97.73.130:19061
Attributes:
auth_value: 6a764aa41830c77712442516d143bc9c
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Program crash (1 IoCs)
Processes:
pid   pid_target   process        target process
912   336          WerFault.exe   03869599.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description                      pid   process        target process
PID 336 wrote to memory of 912   336   03869599.exe   WerFault.exe
PID 336 wrote to memory of 912   336   03869599.exe   WerFault.exe
PID 336 wrote to memory of 912   336   03869599.exe   WerFault.exe
PID 336 wrote to memory of 912   336   03869599.exe   WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/336-54-0x0000000001390000-0x00000000013C0000-memory.dmp (Filesize: 192KB)