Overview

overview

10

Static

static

10

0x00070000...41.exe

windows7-x64

10

0x00070000...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    170s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2023, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000700000002325b-41.exe

  • Size

    222KB

  • MD5

    ebc0f64cb2d805910107daba7b7e65d0

  • SHA1

    0b7bcad07626de11d4eaa77d712c6dba9b5f78f8

  • SHA256

    e638227748e90b53e92cc111a0993674e52c905178fb99fff5dbb3d7c894d5ba

  • SHA512

    c82488983fd78770487c994a94328c67f2cb2c6330ebc7a86425f45524ae8763bb8b3499e92c123b7d3a9509d982d036d78790ede92233f1e2da959fa704509c

  • SSDEEP

    3072:TtJXRMeZYncNgckxQdxCr1d2t/q5yoQVZL53pRzzXZQAZ:TJMeucNgckedxCDo/doQVZdZRzzXZQ

Score
10/10
redlinekukishinfostealer

Malware Config

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000700000002325b-41.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000700000002325b-41.exe"
    1⤵
      PID:4384

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4384-0-0x00000000744A0000-0x0000000074C50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4384-1-0x0000000000120000-0x000000000015E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4384-2-0x0000000007500000-0x0000000007AA4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4384-3-0x0000000006FF0000-0x0000000007082000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4384-4-0x0000000006FE0000-0x0000000006FF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4384-5-0x00000000071A0000-0x00000000071AA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4384-6-0x00000000080D0000-0x00000000086E8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4384-7-0x0000000007340000-0x000000000744A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4384-8-0x0000000007270000-0x0000000007282000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4384-9-0x00000000072D0000-0x000000000730C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4384-10-0x0000000007450000-0x000000000749C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4384-11-0x00000000744A0000-0x0000000074C50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4384-12-0x0000000006FE0000-0x0000000006FF0000-memory.dmp

      Filesize

      64KB

      Download