Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07-03-2024 23:47
General
-
Target
0x00080000000122f9-83.exe
-
Size
172KB
-
MD5
e8147deb8ad55433937c3df822f651ab
-
SHA1
c626978090fff7d59cfab2110acc07e07ed54dd4
-
SHA256
db5f5ac69d40eedbc8a031765f5cdba54e67ba2c8e2124d28be4dfc062965635
-
SHA512
867d3545b74d9661281a649cf6888523c73e73d8afb73644cd61911c05039542ffc27639ab49d7ab1419cd85a9d2a86be3598b6117d62dccf35cee17d141f333
-
SSDEEP
3072:sOPxkahkUcphQF470xNe0QA6AKlhA8e8hU:PPJexvAKlhA
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
diza
C2
83.97.73.126:19048
Attributes
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0x00080000000122f9-83.exe"C:\Users\Admin\AppData\Local\Temp\0x00080000000122f9-83.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2244-0-0x0000000000660000-0x0000000000690000-memory.dmpFilesize
192KB
-
memory/2244-1-0x0000000075250000-0x0000000075A00000-memory.dmpFilesize
7.7MB
-
memory/2244-2-0x0000000001040000-0x0000000001046000-memory.dmpFilesize
24KB
-
memory/2244-3-0x00000000055E0000-0x0000000005BF8000-memory.dmpFilesize
6.1MB
-
memory/2244-4-0x00000000050D0000-0x00000000051DA000-memory.dmpFilesize
1.0MB
-
memory/2244-5-0x0000000002A50000-0x0000000002A62000-memory.dmpFilesize
72KB
-
memory/2244-6-0x0000000001070000-0x0000000001080000-memory.dmpFilesize
64KB
-
memory/2244-7-0x0000000005000000-0x000000000503C000-memory.dmpFilesize
240KB
-
memory/2244-8-0x0000000005040000-0x000000000508C000-memory.dmpFilesize
304KB
-
memory/2244-9-0x0000000075250000-0x0000000075A00000-memory.dmpFilesize
7.7MB
-
memory/2244-10-0x0000000001070000-0x0000000001080000-memory.dmpFilesize
64KB