Overview

overview

10

Static

static

3

549049c206...9c.exe

windows7-x64

10

549049c206...9c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/07/2023, 02:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    549049c206798ac82da3d7bf88fec6d324737390070547998c0828b916905d9c.exe

  • Size

    243KB

  • MD5

    a477e784517edb8205cd457bc48b3815

  • SHA1

    aa5056861b6734362185e3f864832175da0f70b0

  • SHA256

    549049c206798ac82da3d7bf88fec6d324737390070547998c0828b916905d9c

  • SHA512

    961ab6cb49e96b473571e4ac64d5a0c870f3ef6047ba5aa48cf4d9b7a8d4d1c0ba0a8d4d2890acc0aec1c8a3e809ed76b35606ed96c92a34255a810d7f3d621d

  • SSDEEP

    6144:BLk847qGHjoltg7qZ0unKBxrDU/xuM466dQeTJ+:Bf6Dcg7qLyrDSxPGdQSA

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

147.135.165.22:17748

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\549049c206798ac82da3d7bf88fec6d324737390070547998c0828b916905d9c.exe
    "C:\Users\Admin\AppData\Local\Temp\549049c206798ac82da3d7bf88fec6d324737390070547998c0828b916905d9c.exe"
    1⤵
      PID:2572

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2572-55-0x00000000005F0000-0x00000000006F0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2572-56-0x0000000000400000-0x00000000004F7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/2572-57-0x0000000000220000-0x000000000025F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2572-59-0x0000000073E40000-0x000000007452E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2572-58-0x0000000001EF0000-0x0000000001F28000-memory.dmp

      Filesize

      224KB

      Download

    • memory/2572-60-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2572-61-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2572-62-0x00000000005C0000-0x00000000005F4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2572-63-0x0000000002180000-0x0000000002186000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2572-64-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2572-65-0x0000000000400000-0x00000000004F7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/2572-66-0x00000000005F0000-0x00000000006F0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2572-67-0x0000000073E40000-0x000000007452E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2572-68-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2572-69-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2572-70-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2572-71-0x00000000025A0000-0x00000000025E0000-memory.dmp

      Filesize

      256KB

      Download