Overview

overview

10

Static

static

10

0x00090000...68.exe

windows7-x64

10

0x00090000...68.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x00090000000122e8-68.exe

  • Size

    168KB

  • MD5

    338faa378d4361a3f4e601eabb91cb40

  • SHA1

    4a11358d0f7156a2e1aaec2c722a2e90f97fe9e1

  • SHA256

    74c7ee6ab2c2c7fbc4ef5e9fdcd940f1294cc111787cc906317259112f70273a

  • SHA512

    074b6c697bf1e691422e1f237e2a3ec5f9f1caef74b510960e014b709745574b6c6b1e7f311026afd296d6950f19924e21ef8b67ecceaeddf4b7014e0007ff72

  • SSDEEP

    1536:bO5wJnqlVZRGWbD7irbYzNegMVBq0ZjTGqVQbuVP6yue/b83wYkz8e8hy:bO566sYOqAuqVgc63e/bt8e8hy

Score
10/10
redlinedarminfostealer

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00090000000122e8-68.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00090000000122e8-68.exe"
    1⤵
      PID:5100
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4152 --field-trial-handle=2304,i,7548677271533893574,11048237606705436109,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4032

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/5100-0-0x0000000000750000-0x0000000000780000-memory.dmp

        Filesize

        192KB

        Download

      • memory/5100-1-0x0000000075180000-0x0000000075930000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/5100-2-0x0000000002CD0000-0x0000000002CD6000-memory.dmp

        Filesize

        24KB

        Download

      • memory/5100-3-0x00000000057D0000-0x0000000005DE8000-memory.dmp

        Filesize

        6.1MB

        Download

      • memory/5100-4-0x00000000052C0000-0x00000000053CA000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/5100-6-0x00000000050A0000-0x00000000050B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5100-5-0x00000000051D0000-0x00000000051E2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/5100-7-0x0000000005230000-0x000000000526C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/5100-8-0x0000000005270000-0x00000000052BC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/5100-9-0x0000000075180000-0x0000000075930000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/5100-10-0x00000000050A0000-0x00000000050B0000-memory.dmp

        Filesize

        64KB

        Download