Overview

overview

10

Static

static

10

b86eb5cd1d...08.exe

windows7-x64

10

b86eb5cd1d...08.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2023, 02:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b86eb5cd1d671fb8a6b7f3e20b64ab08.exe

  • Size

    174KB

  • MD5

    b86eb5cd1d671fb8a6b7f3e20b64ab08

  • SHA1

    54cf76736cfb69d9191ad704d2174eb56862bbf7

  • SHA256

    28cf048a73acba104186c47b87fbd835390578d6f58456123448be4df555170e

  • SHA512

    d508c6109e7e7e9b48c82626b3d03c855aaa3601e47ede053ac18371c93c715070903d7c31f9522605ae8a7979a4b0eb18a0cbc639896d5450f2f2ceb0568ccd

  • SSDEEP

    3072:KGX6GJpOzI0/n/KnaOAs9rzyQlOeE0E7UTtj2JB8e8hK:FX6/zI0/n/KnYCOeE0jtj2n

Score
10/10
redlinewelosinfostealer

Malware Config

Extracted

Family

redline

Botnet

welos

C2

77.91.124.156:19071

Attributes
  • auth_value

    9605367dc0a1f64eb2f71769fb518fcf

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\b86eb5cd1d671fb8a6b7f3e20b64ab08.exe
    "C:\Users\Admin\AppData\Local\Temp\b86eb5cd1d671fb8a6b7f3e20b64ab08.exe"
    1⤵
      PID:920

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/920-0-0x0000000000660000-0x0000000000690000-memory.dmp

            Filesize

            192KB

            Download

          • memory/920-1-0x0000000074BD0000-0x0000000075380000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/920-2-0x0000000005720000-0x0000000005D38000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/920-3-0x0000000005210000-0x000000000531A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/920-5-0x0000000004FF0000-0x0000000005000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/920-4-0x0000000005120000-0x0000000005132000-memory.dmp

            Filesize

            72KB

            Download

          • memory/920-6-0x0000000005180000-0x00000000051BC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/920-7-0x0000000074BD0000-0x0000000075380000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/920-8-0x0000000004FF0000-0x0000000005000000-memory.dmp

            Filesize

            64KB

            Download