Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    292s
  • max time network
    307s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2023 07:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    j7464231.exe

  • Size

    310KB

  • MD5

    785964441bf75233d9a0e900d791b0ec

  • SHA1

    0b2be90f3d98b8efce0f0c9339b4108f8e94cda6

  • SHA256

    00f3d069d6b0df663223b54552695c90e33fdf049466e48c1a794312ef1854e8

  • SHA512

    1dff833f36a5952b9fc9bcf5eb3ffdcb9e6292f2401d78f5efcd544848097bb5f3a484ddf4a81cfd8908986b9c4239286e57bb4905c9cde9fab945ea841c974f

  • SSDEEP

    6144:WhzDq0Bru5tnsqWQYeamN4nXyohSUGzOjrj:Wtq0BruRa+yXyohSo/j

Score
10/10
redlinegruhainfostealer

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes
  • auth_value

    2f4cf2e668a540e64775b27535cc6892

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\j7464231.exe
    "C:\Users\Admin\AppData\Local\Temp\j7464231.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2704
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 68
        2⤵
        • Program crash
        PID:2332

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2704-0-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-1-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-2-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-3-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-4-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2704-5-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-7-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-9-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2704-10-0x0000000073EC0000-0x00000000745AE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2704-11-0x0000000000250000-0x0000000000256000-memory.dmp
      Filesize

      24KB

      Download
    • memory/2704-12-0x0000000004910000-0x0000000004950000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2704-13-0x0000000073EC0000-0x00000000745AE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2704-14-0x0000000004910000-0x0000000004950000-memory.dmp
      Filesize

      256KB

      Download