Overview

overview

10

Static

static

10

0x00070000...17.exe

windows7-x64

10

0x00070000...17.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000700000001339d-117.exe

  • Size

    145KB

  • MD5

    599e36596e0333adb952b5da849da468

  • SHA1

    58d515f27e6745ecdc0b611d55b6f7d2deec4a3f

  • SHA256

    55cc9673b811f0890f87499a55a74b7e99c1c40c85f090683f917d8dfe5f38c5

  • SHA512

    eb3d87f02abd3b5bf0e37a444e61b20579ee9404e42a032d95d57a962e0fd6bcb9e49214ee7b8245bab9d1606a2552751a64cee5a3b6a657d94b46124a303aca

  • SSDEEP

    3072:FV+m5chQmRSZkJaj+5oxvtXwkXh0Za8e8hM:FjE1GnRXh0Q

Score
10/10
redlinedereninfostealer

Malware Config

Extracted

Family

redline

Botnet

deren

C2

77.91.68.253:19065

Attributes
  • auth_value

    04a169f1fb198bfbeca74d0e06ea2d54

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000700000001339d-117.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000700000001339d-117.exe"
    1⤵
      PID:2576

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2576-0-0x0000000000490000-0x00000000004BA000-memory.dmp

      Filesize

      168KB

      Download

    • memory/2576-1-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2576-3-0x0000000004F00000-0x000000000500A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2576-2-0x00000000053F0000-0x0000000005A08000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/2576-5-0x0000000004E10000-0x0000000004E20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2576-4-0x0000000004E40000-0x0000000004E52000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2576-6-0x0000000004EA0000-0x0000000004EDC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2576-7-0x0000000005010000-0x000000000505C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2576-8-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2576-9-0x0000000004E10000-0x0000000004E20000-memory.dmp

      Filesize

      64KB

      Download