Overview

overview

10

Static

static

3

NEAS.1183c...60.exe

windows7-x64

10

NEAS.1183c...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    183s
  • max time network
    205s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    03-11-2023 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.1183c7c1c8babfb56816b3d45e2c5a60.exe

  • Size

    1.1MB

  • MD5

    1183c7c1c8babfb56816b3d45e2c5a60

  • SHA1

    25efad3faafa5fd6e013af432dd7eeebba070b17

  • SHA256

    d9652e95ebb2fd62f36a06ec562fb26ad72e9a051f5fb5ee48a7d1a17f545bbb

  • SHA512

    5fda09b2ffbc5368717e121e12811382ce2387283bf96c66476ac965a142336679b5b9faca64628f6449b2af6a19e442dccf6d3e0c15adc80338df334bd200d3

  • SSDEEP

    12288:Gq3KugBLL3GvJYfS8RRgbtp25/OMcZKO5VKCtufy8yMhc34S8TB:/El3GvJYfS8Ru+onZKO5am4S8T

Score
10/10
redlinegromeinfostealer

Malware Config

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.1183c7c1c8babfb56816b3d45e2c5a60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1183c7c1c8babfb56816b3d45e2c5a60.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2896
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:2768
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          2⤵
            PID:2736

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2736-0-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-1-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-2-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-3-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-4-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp
          Filesize

          4KB

          Download
        • memory/2736-5-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-7-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-9-0x0000000000400000-0x000000000043E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/2736-10-0x0000000074930000-0x000000007501E000-memory.dmp
          Filesize

          6.9MB

          Download
        • memory/2736-11-0x0000000000840000-0x0000000000880000-memory.dmp
          Filesize

          256KB

          Download
        • memory/2736-12-0x0000000074930000-0x000000007501E000-memory.dmp
          Filesize

          6.9MB

          Download
        • memory/2736-13-0x0000000000840000-0x0000000000880000-memory.dmp
          Filesize

          256KB

          Download