Overview

overview

10

Static

static

10

0x00080000...18.exe

windows7-x64

10

0x00080000...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000800000001231c-118.exe

  • Size

    172KB

  • MD5

    51a410e75a3a91724d367284912caab0

  • SHA1

    41bca830ff1d9ae9c0fe352add5b2b50c96a94f8

  • SHA256

    0b9627850984840f0d51cb86f67876083a9088ae105339a32a800911ecab4ab6

  • SHA512

    b24b5bce982ce75c1f465eeea17f5fab089cae9b5e4893fdbeac763ce4a212423963b94ea53c1e27c58ecbeec68664f881e9f0d07b60a8d9937814a3faa0d48a

  • SSDEEP

    1536:skPZ36sv0W7TVOn0urHrj7mZvDZZTwIt1xN9UYQrfbutXN3o0oQo0GkRY8e8hL:skXYz3slZvt1xNZOqG0oQob8e8hL

Score
10/10
redlinemaxiinfostealer

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.130:19061

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000800000001231c-118.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000800000001231c-118.exe"
    1⤵
      PID:3872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3592

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3872-0-0x00000000747C0000-0x0000000074F70000-memory.dmp
        Filesize

        7.7MB

        Download
      • memory/3872-1-0x00000000005F0000-0x0000000000620000-memory.dmp
        Filesize

        192KB

        Download
      • memory/3872-2-0x00000000029D0000-0x00000000029D6000-memory.dmp
        Filesize

        24KB

        Download
      • memory/3872-3-0x000000000AA10000-0x000000000B028000-memory.dmp
        Filesize

        6.1MB

        Download
      • memory/3872-4-0x000000000A550000-0x000000000A65A000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/3872-6-0x0000000005060000-0x0000000005070000-memory.dmp
        Filesize

        64KB

        Download
      • memory/3872-5-0x000000000A490000-0x000000000A4A2000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3872-7-0x000000000A4F0000-0x000000000A52C000-memory.dmp
        Filesize

        240KB

        Download
      • memory/3872-8-0x000000000A660000-0x000000000A6AC000-memory.dmp
        Filesize

        304KB

        Download
      • memory/3872-9-0x00000000747C0000-0x0000000074F70000-memory.dmp
        Filesize

        7.7MB

        Download
      • memory/3872-10-0x0000000005060000-0x0000000005070000-memory.dmp
        Filesize

        64KB

        Download