redline | 7e237442d8ab222321cc0101995ea3cf9c13192c453b0a94ba08d60fe667c847 | Triage

Submit
Reports

Overview

overview

Static

static

0x00070000...73.exe

windows7-x64

0x00070000...73.exe

windows10-2004-x64

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 19:46

Sharing

Copy URL Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x000700000002323c-73.exe

Resource

win7-20230831-en

redline kendo infostealer

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000700000002323c-73.exe

Resource

win10v2004-20230915-en

redline kendo infostealer

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

0x000700000002323c-73.exe
Size

173KB
MD5

4ccc65f45f2b0741b0f68b56388e9cbb
SHA1

2dada62c6c240825d28edf7c22966f92d50dfe4c
SHA256

7e237442d8ab222321cc0101995ea3cf9c13192c453b0a94ba08d60fe667c847
SHA512

4263b05d850eb485fbf949982b50b68318cb83c848ba7abe16babc9de90d939394510fd9708e029fccc28c8c4e812b03e9f84d7cbf5406ad80a4dd5d8b238228
SSDEEP

3072:AmJOPRIaXI0TIakh+OQhqV+wp5/aif4E0+6OKj0ap0HijJL8e8hh:dJObXI0TIakh4pE4E0/Odap0Hijd

Score

10^/10

redline kendo infostealer

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Processes

C:\Users\Admin\AppData\Local\Temp\0x000700000002323c-73.exe
"C:\Users\Admin\AppData\Local\Temp\0x000700000002323c-73.exe"
1⤵
PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1840-0-0x00000000751C0000-0x0000000075970000-memory.dmp

Filesize
7.7MB

Download
memory/1840-1-0x00000000751C0000-0x0000000075970000-memory.dmp

Filesize
7.7MB

Download
memory/1840-2-0x00000000005F0000-0x0000000000620000-memory.dmp

Filesize
192KB

Download
memory/1840-3-0x0000000005280000-0x0000000005286000-memory.dmp

Filesize
24KB

Download
memory/1840-4-0x00000000058E0000-0x0000000005EF8000-memory.dmp

Filesize
6.1MB

Download
memory/1840-5-0x00000000053D0000-0x00000000054DA000-memory.dmp

Filesize
1.0MB

Download
memory/1840-7-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download
memory/1840-6-0x00000000052F0000-0x0000000005302000-memory.dmp

Filesize
72KB

Download
memory/1840-8-0x0000000005350000-0x000000000538C000-memory.dmp

Filesize
240KB

Download
memory/1840-9-0x00000000054E0000-0x000000000552C000-memory.dmp

Filesize
304KB

Download
memory/1840-10-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download

© 2018-2025

Terms | Privacy