Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    293s
  • max time network
    301s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags

    arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-11-2023 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4jS459oE.exe

  • Size

    1.2MB

  • MD5

    c7bdf9f271930e91de49fecd15c74608

  • SHA1

    182e0da7fce4b75460d4a7035386aa072949d3ae

  • SHA256

    24298788ef815c8db03ed863813543276cd790e69227761dfd14a01d9ac2e899

  • SHA512

    b5a7108c4c28fc13c679b61b003a2bd26f3ac07a55e223c3939e1bd6a5aa47f6ab70abca1c64f41d0d478e13656115139543578f5a07639067f20dd5ef4aceba

  • SSDEEP

    24576:XZ22dAiItf+BVHjcIoRj3csPwTSLcqDB:hItf+BVAIwPoTSLcqN

Score
10/10
redlinegromeinfostealer

Malware Config

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4jS459oE.exe
    "C:\Users\Admin\AppData\Local\Temp\4jS459oE.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2308
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:4488
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 320
          2⤵
          • Program crash
          PID:4796

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4488-0-0x0000000000400000-0x000000000043E000-memory.dmp
        Filesize

        248KB

        Download
      • memory/4488-4-0x0000000073590000-0x0000000073C7E000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/4488-5-0x000000000B980000-0x000000000BE7E000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/4488-6-0x000000000B480000-0x000000000B512000-memory.dmp
        Filesize

        584KB

        Download
      • memory/4488-7-0x000000000B6A0000-0x000000000B6B0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4488-8-0x000000000B5F0000-0x000000000B5FA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/4488-9-0x000000000C490000-0x000000000CA96000-memory.dmp
        Filesize

        6.0MB

        Download
      • memory/4488-10-0x000000000BF90000-0x000000000C09A000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/4488-11-0x000000000B820000-0x000000000B832000-memory.dmp
        Filesize

        72KB

        Download
      • memory/4488-12-0x000000000B8C0000-0x000000000B8FE000-memory.dmp
        Filesize

        248KB

        Download
      • memory/4488-13-0x000000000B900000-0x000000000B94B000-memory.dmp
        Filesize

        300KB

        Download
      • memory/4488-18-0x0000000073590000-0x0000000073C7E000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/4488-19-0x000000000B6A0000-0x000000000B6B0000-memory.dmp
        Filesize

        64KB

        Download