Overview

overview

10

Static

static

10

0x00060000...09.exe

windows7-x64

10

0x00060000...09.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 00:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0x0006000000014140-109.exe

  • Size

    172KB

  • MD5

    98db40fd7b9922b16f0ab64e4af487d8

  • SHA1

    c7f247901a8f841ccf2a73f7634a695c24a1bb65

  • SHA256

    8ebf4085b0d273edb9a51b83c26e25fe0041879b75d46ff0dee73e0678cfdce9

  • SHA512

    d67b0536fe98892deba5b9a1c2f8f123d8ac57716d305e47ae48d3552fd9d8bf60a39f7a7996f4e31431b7fa7cad9248a32c3ab74ae6c53874486367eb231b49

  • SSDEEP

    3072:QBF8QOIKbe97H9rWRxNB2NjrOSHy+8e8hg:q8MVdaHMOSHy+

Score
10/10
redlinemaxiinfostealer

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x0006000000014140-109.exe
    "C:\Users\Admin\AppData\Local\Temp\0x0006000000014140-109.exe"
    1⤵
      PID:1840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4432 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:536

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1840-1-0x0000000074580000-0x0000000074D30000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1840-0-0x0000000000930000-0x0000000000960000-memory.dmp

              Filesize

              192KB

              Download

            • memory/1840-2-0x0000000002D10000-0x0000000002D16000-memory.dmp

              Filesize

              24KB

              Download

            • memory/1840-3-0x00000000059C0000-0x0000000005FD8000-memory.dmp

              Filesize

              6.1MB

              Download

            • memory/1840-4-0x00000000054B0000-0x00000000055BA000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/1840-5-0x00000000053C0000-0x00000000053D2000-memory.dmp

              Filesize

              72KB

              Download

            • memory/1840-6-0x0000000005290000-0x00000000052A0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1840-7-0x0000000005420000-0x000000000545C000-memory.dmp

              Filesize

              240KB

              Download

            • memory/1840-8-0x0000000005460000-0x00000000054AC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/1840-9-0x0000000074580000-0x0000000074D30000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1840-10-0x0000000005290000-0x00000000052A0000-memory.dmp

              Filesize

              64KB

              Download