Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-08-2023 10:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    231KB

  • MD5

    f10de712a3beaf2f25104268c16fda9c

  • SHA1

    7ab495d3a42947c896c119d0e764713b71b1f927

  • SHA256

    976b89bddadc27d5fad7fb789ecedcd96865267c9202616bc94b434d4bfe5039

  • SHA512

    40e19b06f774642745475b242f43398020232e15e2a3c877057bdd5c151693c1c4aa175efc6a4b9dd7158dcdb3d2389561474dbd4db482f65ff6cb5fc27f6795

  • SSDEEP

    3072:LDuN9/rlccXDSNH1I5qMXcVDdyYsvwcgtVX8qXGVhyNO9PXtt:uNRtyRMXcVDdy3vwxTw3v

Score
10/10
redline1308infostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

1308

C2

176.123.9.142:14845

Attributes
  • auth_value

    7e5dae374c0978dd73c21b47e8439809

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3356-133-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/3356-134-0x00000000001C0000-0x00000000001F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3356-138-0x0000000074DD0000-0x0000000075580000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3356-139-0x0000000004C50000-0x0000000005268000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3356-140-0x0000000005270000-0x000000000537A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3356-142-0x0000000004B20000-0x0000000004B32000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3356-141-0x0000000004B40000-0x0000000004B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3356-143-0x0000000005380000-0x00000000053BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3356-144-0x0000000005560000-0x00000000055D6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3356-145-0x00000000055E0000-0x0000000005672000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3356-146-0x0000000005C80000-0x0000000006224000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3356-147-0x00000000057C0000-0x0000000005826000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3356-148-0x0000000074DD0000-0x0000000075580000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3356-149-0x0000000004B40000-0x0000000004B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3356-150-0x00000000065F0000-0x00000000067B2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3356-151-0x0000000006ED0000-0x00000000073FC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3356-152-0x0000000006940000-0x0000000006990000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3356-155-0x0000000074DD0000-0x0000000075580000-memory.dmp

    Filesize

    7.7MB

    Download