Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    287s
  • max time network
    298s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02-05-2024 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e668eed8b46eb6cb1b1ed9251661e2ad1a15af6c3073af38857c4ea2edfe8907.exe

  • Size

    1.8MB

  • MD5

    d234d90cef07b0500c3c8003b9599448

  • SHA1

    5d31cc4529ffdbee5251ea9772e6ac98d5ee4f30

  • SHA256

    e668eed8b46eb6cb1b1ed9251661e2ad1a15af6c3073af38857c4ea2edfe8907

  • SHA512

    8bb7edbe8a416d211f75c856d2efecbc582ca8dbde54bb4397b250073c19aa6aa62f39bebfda9cbafbb16534142832dec381a4b24bdc53e8617b978a74bf2c7f

  • SSDEEP

    24576:2j4XqbZVk1s19CWLELdWZ/RT6a9Dhvh9Kg1PW3Ry:h1s19COZpT6a3vag1

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

51.255.152.132:36011

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e668eed8b46eb6cb1b1ed9251661e2ad1a15af6c3073af38857c4ea2edfe8907.exe
    "C:\Users\Admin\AppData\Local\Temp\e668eed8b46eb6cb1b1ed9251661e2ad1a15af6c3073af38857c4ea2edfe8907.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4092
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:1208
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 324
        2⤵
        • Program crash
        PID:4188

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1208-0-0x0000000000400000-0x000000000043E000-memory.dmp
      Filesize

      248KB

      Download
    • memory/1208-3-0x000000007396E000-0x000000007396F000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1208-5-0x000000000C1C0000-0x000000000C6BE000-memory.dmp
      Filesize

      5.0MB

      Download
    • memory/1208-6-0x000000000BD60000-0x000000000BDF2000-memory.dmp
      Filesize

      584KB

      Download
    • memory/1208-7-0x0000000009320000-0x000000000932A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/1208-8-0x0000000073960000-0x000000007404E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/1208-9-0x000000000CCD0000-0x000000000D2D6000-memory.dmp
      Filesize

      6.0MB

      Download
    • memory/1208-10-0x000000000C6C0000-0x000000000C7CA000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/1208-11-0x000000000BF20000-0x000000000BF32000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1208-12-0x000000000C0C0000-0x000000000C0FE000-memory.dmp
      Filesize

      248KB

      Download
    • memory/1208-13-0x000000000C100000-0x000000000C14B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/1208-18-0x000000007396E000-0x000000007396F000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1208-25-0x0000000073960000-0x000000007404E000-memory.dmp
      Filesize

      6.9MB

      Download