Analysis
-
max time kernel
146s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09-04-2024 22:37
General
-
Target
54a764920f77d7fa6e0362c87fef1a00.exe
-
Size
1.3MB
-
MD5
54a764920f77d7fa6e0362c87fef1a00
-
SHA1
bf50ce0c1086fe415dea79aecc1f484922a3a723
-
SHA256
5e9bcca94777fe32ffbf38991c2d7123b26bc0e7bc7a347683f66d19d298fa57
-
SHA512
3839b7344a2ca58bc9bc0bd89cc05325aa009f013865728c237f2d26a56c430a07b71aa5a36e503393e48ba592f3a3d245d5df117f117735406e2a9c157da4fb
-
SSDEEP
24576:U+f89nBWLj7rv8/VOWEsS0rfB2f4w/mWCOjwWKQBXFoLi:UAKnBs7rmVEkbfM9CxGX2L
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
1
C2
77.221.156.45:18734
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\54a764920f77d7fa6e0362c87fef1a00.exe"C:\Users\Admin\AppData\Local\Temp\54a764920f77d7fa6e0362c87fef1a00.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1956-0-0x0000000001280000-0x0000000001654000-memory.dmpFilesize
3.8MB
-
memory/1956-2-0x0000000074410000-0x0000000074AFE000-memory.dmpFilesize
6.9MB
-
memory/1956-1-0x0000000001280000-0x0000000001654000-memory.dmpFilesize
3.8MB
-
memory/1956-3-0x00000000010F0000-0x0000000001130000-memory.dmpFilesize
256KB
-
memory/1956-6-0x0000000074410000-0x0000000074AFE000-memory.dmpFilesize
6.9MB
-
memory/1956-7-0x00000000010F0000-0x0000000001130000-memory.dmpFilesize
256KB