Analysis
-
max time kernel
134s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
13-10-2023 13:03
Behavioral task
behavioral1
Sample
0x000600000002321a-142.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
0x000600000002321a-142.exe
Resource
win10v2004-20230915-en
General
-
Target
0x000600000002321a-142.exe
-
Size
222KB
-
MD5
975142e86a75ceb43a28d79327a3c86a
-
SHA1
91b344e2043fbc66efcfe4d9712e5516a560bda5
-
SHA256
40cc705a4ee76c120e15714b27b1d25da3a65568e69c15b5a8c6639affa98e0a
-
SHA512
7a3b697cc6a3dc674f11ed399ad737a2604405c7cff908ff2295c2be366fc4144bf9bbc79447c07fd4d476023ad088898ee8fd62c753a0f5330c2801da6d93c1
-
SSDEEP
3072:TtJXRMeZYncNgckxQdxCr1d2t/q5yoQVZL53pRzzXZQAZ:TJMeucNgckedxCDo/doQVZdZRzzXZQ
Malware Config
Extracted
redline
kukish
77.91.124.55:19071
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/2792-1-0x0000000000C60000-0x0000000000C9E000-memory.dmp family_redline behavioral1/memory/2792-2-0x0000000007070000-0x00000000070B0000-memory.dmp family_redline
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2792-0-0x0000000074120000-0x000000007480E000-memory.dmpFilesize
6.9MB
-
memory/2792-1-0x0000000000C60000-0x0000000000C9E000-memory.dmpFilesize
248KB
-
memory/2792-2-0x0000000007070000-0x00000000070B0000-memory.dmpFilesize
256KB
-
memory/2792-3-0x0000000074120000-0x000000007480E000-memory.dmpFilesize
6.9MB
-
memory/2792-4-0x0000000007070000-0x00000000070B0000-memory.dmpFilesize
256KB