Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    290s
  • max time network
    302s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2023 00:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4aw602SF.exe

  • Size

    459KB

  • MD5

    f807505c12a33b65b08e46eef6408959

  • SHA1

    49813fdcd432b333f296421a2dbf867506363626

  • SHA256

    1327f6d2be1f9ec0e2bef78ffb5a702b1a5249e4e7cea43e0012aebf1cb8c669

  • SHA512

    4df7bf7aaa4f1a409032c3e2e1cce183b707b70219b62d54af7fdccb6e5b7f78ae67727ee4bc6c30e044cb0f6535b155d1834ad3e3120eef7fdba82740919179

  • SSDEEP

    6144:4vRHImfMPTjdJUINv8nqBJY5FAOtOjHXfSxrviJxekGQYto/vHYjB4rSPjIEtN3:4vCmETjbJ3mTOjHvSxrviukGftgvHhG3

Score
10/10
redlinefrantinfostealer

Malware Config

Extracted

Family

redline

Botnet

frant

C2

77.91.124.55:19071

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4aw602SF.exe
    "C:\Users\Admin\AppData\Local\Temp\4aw602SF.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2612
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:1360
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 144
          2⤵
          • Program crash
          PID:2324

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1360-0-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-1-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-2-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-3-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-4-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1360-5-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-9-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-7-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/1360-10-0x00000000743C0000-0x0000000074AAE000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/1360-11-0x0000000007330000-0x0000000007370000-memory.dmp
        Filesize

        256KB

        Download
      • memory/1360-12-0x00000000743C0000-0x0000000074AAE000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/1360-13-0x0000000007330000-0x0000000007370000-memory.dmp
        Filesize

        256KB

        Download