Overview

overview

10

Static

static

3

D7D172CFF6...88.exe

windows7-x64

10

D7D172CFF6...88.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2024, 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    D7D172CFF6A8E34CAF45BE8C2E945688.exe

  • Size

    1.6MB

  • MD5

    d7d172cff6a8e34caf45be8c2e945688

  • SHA1

    047e098d434a9857633057255530bb3bf04a23b0

  • SHA256

    31fb4e3de00fdb16562c1b03088df5245e45a49fb3646c90f1e5df0e9bc0acd0

  • SHA512

    aa06edc23b40987e34dac237aa16c01033f550a629afcbddb555edc8dc647c0487446c00e0b0d89bf65810e5e5f09c7f2db8b86c070f7f8a6b75d85427479123

  • SSDEEP

    49152:EsvEGGZ4xCqB5AyNmwFQmYDMgwgUnr0Xf+:EsNcBkmwF3XRrc+

Score
10/10
redlinereklaminfostealer

Malware Config

Extracted

Family

redline

Botnet

Reklam

C2

193.233.254.4:13200

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\D7D172CFF6A8E34CAF45BE8C2E945688.exe
    "C:\Users\Admin\AppData\Local\Temp\D7D172CFF6A8E34CAF45BE8C2E945688.exe"
    1⤵
      PID:1912
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat" "
        2⤵
          PID:1796
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\work.exe
        work.exe -priverdD
        1⤵
          PID:1476
          • C:\Users\Admin\AppData\Local\Temp\RarSFX1\koda.exe
            "C:\Users\Admin\AppData\Local\Temp\RarSFX1\koda.exe"
            2⤵
              PID:1124

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat
            Filesize

            35B

            MD5

            ff59d999beb970447667695ce3273f75

            SHA1

            316fa09f467ba90ac34a054daf2e92e6e2854ff8

            SHA256

            065d2b17ad499587dc9de7ee9ecda4938b45da1df388bc72e6627dff220f64d2

            SHA512

            d5ac72cb065a3cd3cb118a69a2f356314eeed24dcb4880751e1a3683895e66cedc62607967e29f77a0c27adf1c9fe0efd86e804f693f0a63a5b51b0bf0056b5d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\RarSFX0\work.exe
            Filesize

            92KB

            MD5

            31a6c500ce665f965dc5a20971ae91f2

            SHA1

            f73f71908a10b5503380f0bb08c3cc55a2f40d7a

            SHA256

            2e81e4610c6347df88c8a492c18ff76e9885f0b8c148415ec4e207b0653c6a76

            SHA512

            ed2478553067937dad37ae43d158c3942fff8cf7d7e716ce88012efde2a953a5b56f760c8b9ad42bc2ce7711ad5dc518e26dbb7505734904843c24cac8e41944

            Download Submit

          • memory/1124-29-0x0000000006E70000-0x0000000007488000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/1124-32-0x00000000060F0000-0x000000000612C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/1124-24-0x0000000072AC0000-0x0000000073270000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/1124-26-0x0000000005DF0000-0x0000000005E82000-memory.dmp

            Filesize

            584KB

            Download

          • memory/1124-25-0x00000000062A0000-0x0000000006844000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/1124-27-0x0000000006060000-0x0000000006070000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1124-28-0x0000000005DC0000-0x0000000005DCA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1124-22-0x0000000000A30000-0x0000000000E02000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1124-31-0x0000000006090000-0x00000000060A2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1124-23-0x0000000000A30000-0x0000000000E02000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1124-33-0x0000000006130000-0x000000000617C000-memory.dmp

            Filesize

            304KB

            Download

          • memory/1124-30-0x0000000006180000-0x000000000628A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1124-34-0x0000000006990000-0x00000000069F6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/1124-35-0x0000000007A20000-0x0000000007BE2000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/1124-36-0x0000000008120000-0x000000000864C000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/1124-37-0x00000000079C0000-0x0000000007A10000-memory.dmp

            Filesize

            320KB

            Download

          • memory/1124-39-0x0000000000A30000-0x0000000000E02000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1124-41-0x0000000072AC0000-0x0000000073270000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/1124-42-0x0000000006060000-0x0000000006070000-memory.dmp

            Filesize

            64KB

            Download