Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    291s
  • max time network
    309s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/09/2023, 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    j3571179.exe

  • Size

    1.1MB

  • MD5

    b80675ef3fff2ae08b03d4e5ce873a3a

  • SHA1

    d4545c7d1c83b25fe9d51bd41bae29a3480b11b2

  • SHA256

    ce826aa81606ddd05ae4d49cd87cf4b06803ed8794e15df8fa0f093b3ed8f357

  • SHA512

    f135566939739ccf390e5890f776a6211b0513aaf293d926e49ae13e66ac1cf6ef68f2f28a3f82ea96a14ddf12b8838f32610c34676bac580484a895eba86370

  • SSDEEP

    12288:HNsgAN2dA1o49i4ytPDxZ5ZVf95Tjz8LW6h4vIubLka8JPSttttzR3dLCA2:tsgq2dA1h9i4yt3VX39YPSttttzRsA2

Score
10/10
redlinepretsinfostealer

Malware Config

Extracted

Family

redline

Botnet

prets

C2

77.91.124.82:19071

Attributes
  • auth_value

    44ee9617e145f5ca73d49c1a4a0c2e34

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\j3571179.exe
    "C:\Users\Admin\AppData\Local\Temp\j3571179.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:3136
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:3636
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 132
          2⤵
          • Program crash
          PID:4580

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3636-0-0x0000000000400000-0x0000000000430000-memory.dmp

        Filesize

        192KB

        Download

      • memory/3636-4-0x00000000740B0000-0x000000007479E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/3636-5-0x0000000006F70000-0x0000000006F76000-memory.dmp

        Filesize

        24KB

        Download

      • memory/3636-6-0x000000000EF20000-0x000000000F526000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/3636-7-0x000000000EAA0000-0x000000000EBAA000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/3636-9-0x000000000E9D0000-0x000000000E9E2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/3636-8-0x0000000006F10000-0x0000000006F20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3636-10-0x000000000EA30000-0x000000000EA6E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/3636-11-0x000000000EBB0000-0x000000000EBFB000-memory.dmp

        Filesize

        300KB

        Download

      • memory/3636-16-0x00000000740B0000-0x000000007479E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/3636-17-0x0000000006F10000-0x0000000006F20000-memory.dmp

        Filesize

        64KB

        Download