Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    289s
  • max time network
    303s
  • platform
    windows10-1703_x64
  • resource
    win10-20230831-en
  • resource tags

    arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/09/2023, 01:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    i1009537.exe

  • Size

    174KB

  • MD5

    ebc94da1f9aa5951a1772e27710c4147

  • SHA1

    8e4f4af1dd2e5c919580859571c199ae16cf0ffa

  • SHA256

    6abc00482649fcd2b81a295536adb68e22d42e5e1bf88eda9b05be6144faae77

  • SHA512

    8c174a44eeb517af98589786473c57be757911faf940aecfd1bb92bf1c7e2d2d0ce7b453df36ea1dc8ad98281f56b059d57f61b5b7be8adc863022b09febdfbf

  • SSDEEP

    3072:z+BDWfkwS/VcI0EMHiRONe9GT+qE0gRrOaQ9JY8e8h0:z0DWfCcI0EMHijqE0xaQ9e

Score
10/10
redlinegenainfostealer

Malware Config

Extracted

Family

redline

Botnet

gena

C2

77.91.124.82:19071

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\i1009537.exe
    "C:\Users\Admin\AppData\Local\Temp\i1009537.exe"
    1⤵
      PID:3400

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3400-0-0x0000000000340000-0x0000000000370000-memory.dmp

            Filesize

            192KB

            Download

          • memory/3400-1-0x0000000073450000-0x0000000073B3E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/3400-2-0x0000000004AF0000-0x0000000004AF6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/3400-3-0x000000000A6F0000-0x000000000ACF6000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/3400-4-0x000000000A280000-0x000000000A38A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3400-5-0x0000000004B10000-0x0000000004B20000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3400-6-0x000000000A1B0000-0x000000000A1C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/3400-7-0x000000000A210000-0x000000000A24E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/3400-8-0x000000000A390000-0x000000000A3DB000-memory.dmp

            Filesize

            300KB

            Download

          • memory/3400-9-0x0000000073450000-0x0000000073B3E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/3400-10-0x0000000004B10000-0x0000000004B20000-memory.dmp

            Filesize

            64KB

            Download