Overview

overview

10

Static

static

10

h9338673.exe

windows7-x64

10

h9338673.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2023 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    h9338673.exe

  • Size

    173KB

  • MD5

    36e62f65ef0e16f0442fa1ab2895fe16

  • SHA1

    115b4b0548b2080edfe2e335978342b51fbd1b24

  • SHA256

    c02d277674bc03cbede4114f37d8e72aa466ffb10224a773abf02de62866ad03

  • SHA512

    0ab7a25dfadf3c2f058a873413ad5317b134e5386a09c39dfc729fdee7cb0d32ce9472053fc718cd07fd2e1ae733cc8f941ec1a5f1e0e07c46aba0ddc4e481a4

  • SSDEEP

    3072:AmJOPRIaXI0TIakh+OQhqV+wp5/aif4E0+6OKj0ap0HijJL8e8hh:dJObXI0TIakh4pE4E0/Odap0Hijd

Score
10/10
redlinekendoinfostealer

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\h9338673.exe
    "C:\Users\Admin\AppData\Local\Temp\h9338673.exe"
    1⤵
      PID:1776

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1776-0-0x0000000074700000-0x0000000074EB0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1776-1-0x0000000000960000-0x0000000000990000-memory.dmp

      Filesize

      192KB

      Download

    • memory/1776-2-0x0000000002C30000-0x0000000002C36000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1776-3-0x0000000005AA0000-0x00000000060B8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/1776-4-0x0000000005590000-0x000000000569A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1776-5-0x0000000005470000-0x0000000005480000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1776-6-0x0000000005410000-0x0000000005422000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1776-7-0x0000000005480000-0x00000000054BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1776-8-0x00000000054C0000-0x000000000550C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1776-9-0x0000000074700000-0x0000000074EB0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1776-10-0x0000000005470000-0x0000000005480000-memory.dmp

      Filesize

      64KB

      Download