Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15/07/2023, 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90b10fafdb342b9c3bfd250eeeb0744a2e1dda5c6243681ce5b3079b0ba7ab58.exe

  • Size

    492KB

  • MD5

    f62f5d3d6382e399f0370206a887d3c6

  • SHA1

    5a70c6412037db4485e9d651dff569bec511c505

  • SHA256

    90b10fafdb342b9c3bfd250eeeb0744a2e1dda5c6243681ce5b3079b0ba7ab58

  • SHA512

    60db0e95a23578b4c215b02c7758aeac11251d2405d005a8af80716bb5c490f768cfb4019eb0bc1494784b6d7f0a828eadd0aac434589c961d7cad1fd7fc7e2d

  • SSDEEP

    12288:62lLKswfGwKN2/p5FXyxK4w5VKtHjm9lXXr5Kf+E3:62ldtEJyxK4w/KBSfQf93

Score
10/10
redlinekirainfostealer

Malware Config

Extracted

Family

redline

Botnet

kira

C2

77.91.68.48:19071

Attributes
  • auth_value

    1677a40fd8997eb89377e1681911e9c6

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\90b10fafdb342b9c3bfd250eeeb0744a2e1dda5c6243681ce5b3079b0ba7ab58.exe
    "C:\Users\Admin\AppData\Local\Temp\90b10fafdb342b9c3bfd250eeeb0744a2e1dda5c6243681ce5b3079b0ba7ab58.exe"
    1⤵
      PID:2384

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2384-118-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/2384-119-0x00000000020E0000-0x000000000216C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2384-125-0x00000000735C0000-0x0000000073CAE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2384-126-0x00000000020E0000-0x000000000216C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2384-127-0x00000000023D0000-0x00000000023D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-128-0x00000000023F0000-0x00000000023F6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2384-129-0x0000000009EF0000-0x000000000A4F6000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/2384-130-0x000000000A500000-0x000000000A60A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2384-131-0x0000000006C70000-0x0000000006C80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2384-132-0x0000000006A50000-0x0000000006A62000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2384-133-0x0000000006A70000-0x0000000006AAE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2384-134-0x000000000A610000-0x000000000A65B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2384-135-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/2384-136-0x00000000735C0000-0x0000000073CAE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2384-137-0x0000000006C70000-0x0000000006C80000-memory.dmp

      Filesize

      64KB

      Download