redline | 58f831461c8f6baf0ae80f647962ca2878264aa656642569f4653e068662265e | Triage

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 14:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

decode_d6a722f5dbabcef62e0109dc231fb34b4383938d30c1bc5a8e9cc4fb5ad20d93.exe
Size

174KB
MD5

ca1302a1f4a4618f831366a6df044621
SHA1

129e07589d0feb1f7f226b50f47c538634ec4791
SHA256

58f831461c8f6baf0ae80f647962ca2878264aa656642569f4653e068662265e
SHA512

0054ec98c4e1d4174ef91a989cd3ef66a965fa186b1b710ba43e151720de7ec895c63311a5e14651ebec746608d5a2fb8ba5af26bd3b58b961e85f1db24bb700
SSDEEP

3072:nPQlw+aEWI0a4qfn8OYnGHMMwLE0GJ+4zItlsj3Jr8e8ht:n4lJWI0a4inYMwLE0HmItlsj39

Score

10^/10

redline d infostealer

Malware Config

Extracted

Family

redline

Botnet

D

C2

173.199.124.134:27677

Attributes

auth_value
0c9d599ca753737d9dfc32da8a266ae5

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

C:\Users\Admin\AppData\Local\Temp\decode_d6a722f5dbabcef62e0109dc231fb34b4383938d30c1bc5a8e9cc4fb5ad20d93.exe
"C:\Users\Admin\AppData\Local\Temp\decode_d6a722f5dbabcef62e0109dc231fb34b4383938d30c1bc5a8e9cc4fb5ad20d93.exe"
1⤵
PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2172-54-0x0000000000F80000-0x0000000000FB0000-memory.dmp

Filesize
192KB

Download
memory/2172-55-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2172-56-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2172-57-0x0000000000BB0000-0x0000000000BF0000-memory.dmp

Filesize
256KB

Download
memory/2172-58-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2172-59-0x0000000000BB0000-0x0000000000BF0000-memory.dmp

Filesize
256KB

Download