redline | 55b7d416e51188049d35c18c3b92e1670cd4b4972e5bee397b1aa6124450435b | Triage

Submit
Reports

Overview

overview

Static

static

0x00070000...34.exe

windows7-x64

0x00070000...34.exe

windows10-2004-x64

Analysis

max time kernel
152s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 20:19

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x00070000000231bc-34.exe

Resource

win7-20230831-en

redline kendo infostealer

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00070000000231bc-34.exe

Resource

win10v2004-20230915-en

redline kendo infostealer

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

0x00070000000231bc-34.exe
Size

173KB
MD5

84ecf8963b65a9f9e06ddfb005438bae
SHA1

4a6e65d601ab13bc57848c87c7b75048bc9358e1
SHA256

55b7d416e51188049d35c18c3b92e1670cd4b4972e5bee397b1aa6124450435b
SHA512

53a4b09ea8d54e21a3ca70b8b10b4825b43232258ea26fedd4570c09df8365fce2057b9637d64c3f356de07dbb030b04d3d3958e156beeebabfd0a11a0ed6cd1
SSDEEP

3072:AmJOPRIaXI0TIakh+OQhqV+wp5/aif4E0+6OKj0ap0HijJL8e8hh:dJObXI0TIakh4pE4E0/Odap0Hijd

Score

10^/10

redline kendo infostealer

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Processes

C:\Users\Admin\AppData\Local\Temp\0x00070000000231bc-34.exe
"C:\Users\Admin\AppData\Local\Temp\0x00070000000231bc-34.exe"
1⤵
PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2636-0-0x0000000000DC0000-0x0000000000DF0000-memory.dmp

Filesize
192KB

Download
memory/2636-1-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/2636-2-0x0000000005590000-0x0000000005596000-memory.dmp

Filesize
24KB

Download
memory/2636-3-0x0000000005D90000-0x00000000063A8000-memory.dmp

Filesize
6.1MB

Download
memory/2636-4-0x0000000005880000-0x000000000598A000-memory.dmp

Filesize
1.0MB

Download
memory/2636-5-0x00000000055F0000-0x0000000005602000-memory.dmp

Filesize
72KB

Download
memory/2636-6-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/2636-7-0x0000000005770000-0x00000000057AC000-memory.dmp

Filesize
240KB

Download
memory/2636-8-0x00000000057B0000-0x00000000057FC000-memory.dmp

Filesize
304KB

Download
memory/2636-9-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/2636-10-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download

© 2018-2024

Terms | Privacy