redline | 40e9bcb1a4f9de51c2634e84f227076cf5e0ffa9c46759329a9e13e5e23fcf06 | Triage

Analysis

max time kernel
133s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 12:57

Sharing

Report Analysis Logs

General

Target

0x000500000001956e-110.exe
Size

174KB
MD5

ebb069a8c4ab893f77ff5556df2fc73d
SHA1

a03f5a61af3a3b3669339f6e2b15fa1328b97464
SHA256

40e9bcb1a4f9de51c2634e84f227076cf5e0ffa9c46759329a9e13e5e23fcf06
SHA512

a5c75238b5618a96c15b0c3369d7a23a104b8ee4705bb6b23c7380bc31ae758222c4aa5ae6e4c764237e1a65ed8c4114b3c07b02c52b2a6d0c7805267859f635
SSDEEP

3072:8QiX1vTI0EVXvWOti2i6t8CE0CI0XkNvlnMDJz8e8hZ:8QgTI0EVXvV8CE0KkNvlnMDF

Score

10^/10

redline regta infostealer

Malware Config

Extracted

Family

redline

Botnet

regta

C2

77.91.124.54:19071

Attributes

auth_value
c6f537c6f0415ea7760a9bc81f48c756

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

C:\Users\Admin\AppData\Local\Temp\0x000500000001956e-110.exe
"C:\Users\Admin\AppData\Local\Temp\0x000500000001956e-110.exe"
1⤵
PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2592-54-0x00000000008D0000-0x0000000000900000-memory.dmp

Filesize
192KB

Download
memory/2592-55-0x00000000749A0000-0x000000007508E000-memory.dmp

Filesize
6.9MB

Download
memory/2592-56-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2592-57-0x00000000048B0000-0x00000000048F0000-memory.dmp

Filesize
256KB

Download
memory/2592-58-0x00000000749A0000-0x000000007508E000-memory.dmp

Filesize
6.9MB

Download
memory/2592-59-0x00000000048B0000-0x00000000048F0000-memory.dmp

Filesize
256KB

Download