redline | 9650bbba48baf4708786c268f27955e069f83a0ce581401bdd6e81534e613b62

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2023, 02:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0x0007000000015e7c-102.exe
Size

174KB
MD5

f4efcc727f7fcaea15a29b399889387b
SHA1

8d55e438c6b649ce9f816d9de19b298b1baa38fa
SHA256

9650bbba48baf4708786c268f27955e069f83a0ce581401bdd6e81534e613b62
SHA512

b890898973413bace8095b98bc358f9b3a1759d8386d71341d6e7f3b9725d513b2fe789c116ba1d37d3aef69e04bea8b3654520bdf5f182840e84b14d0eccca3
SSDEEP

3072:9SZeJjHB9I0U6o4uOpN2AKU0BIE00KmH5kGvJk8e8hU:9SZe79I0U6o4D0IE0I5kGvi

Score

10^/10

redline micky infostealer

Malware Config

Extracted

Family

redline

Botnet

micky

77.91.124.172:19071

Attributes

auth_value
748f3c67c004f4a994500f05127b4428

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

C:\Users\Admin\AppData\Local\Temp\0x0007000000015e7c-102.exe
"C:\Users\Admin\AppData\Local\Temp\0x0007000000015e7c-102.exe"
1⤵
PID:3372

Network

DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

254.167.241.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.167.241.8.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

0.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.77.109.52.in-addr.arpa

IN PTR

Response
DNS

6.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.173.189.20.in-addr.arpa

IN PTR

Response

77.91.124.172:19071

0x0007000000015e7c-102.exe

260 B
5
77.91.124.172:19071

0x0007000000015e7c-102.exe

260 B
5
77.91.124.172:19071

0x0007000000015e7c-102.exe

260 B
5
77.91.124.172:19071

0x0007000000015e7c-102.exe

260 B
5
77.91.124.172:19071

0x0007000000015e7c-102.exe

260 B
5
77.91.124.172:19071

0x0007000000015e7c-102.exe

260 B
5

8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

254.167.241.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

254.167.241.8.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

0.77.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

0.77.109.52.in-addr.arpa
8.8.8.8:53

6.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

6.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3372-134-0x0000000075300000-0x0000000075AB0000-memory.dmp

Filesize
7.7MB

Download
memory/3372-133-0x0000000000C40000-0x0000000000C70000-memory.dmp

Filesize
192KB

Download
memory/3372-135-0x0000000005C90000-0x00000000062A8000-memory.dmp

Filesize
6.1MB

Download
memory/3372-136-0x0000000005780000-0x000000000588A000-memory.dmp

Filesize
1.0MB

Download
memory/3372-137-0x00000000056C0000-0x00000000056D2000-memory.dmp

Filesize
72KB

Download
memory/3372-138-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/3372-139-0x0000000005720000-0x000000000575C000-memory.dmp

Filesize
240KB

Download
memory/3372-140-0x0000000075300000-0x0000000075AB0000-memory.dmp

Filesize
7.7MB

Download
memory/3372-141-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.