Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    287s
  • max time network
    297s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b476179f38e223e7ab7f153fd8a0dd1bc382aa4265242b3b632e0f10c5ab0125.exe

  • Size

    291KB

  • MD5

    926df3701c6b893b25b319ce19e75291

  • SHA1

    b423559901c4b9ab643b385e2e09cd1915a39c58

  • SHA256

    b476179f38e223e7ab7f153fd8a0dd1bc382aa4265242b3b632e0f10c5ab0125

  • SHA512

    8213aa94a9bfb06e20719189b3bba55ceda642706db94affc9150d6f1cbbda774eb7ab3d479c0b63682ea63f994d7cad557e25f14f8305badebda2443ad72244

  • SSDEEP

    3072:KdY+6LDDhKVa6eQVy6PXcqIRZDVuScrOmNgut071nobhRmaxWrTse8K8hBVceJ2U:iYhhKVa6eePtIRJgSeOmNZpWrTsEhK1

Score
10/10
redline@oleh_psinfostealer

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

194.169.175.235:42691

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b476179f38e223e7ab7f153fd8a0dd1bc382aa4265242b3b632e0f10c5ab0125.exe
    "C:\Users\Admin\AppData\Local\Temp\b476179f38e223e7ab7f153fd8a0dd1bc382aa4265242b3b632e0f10c5ab0125.exe"
    1⤵
      PID:2220

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2220-1-0x00000000003C0000-0x00000000003FE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2220-4-0x0000000000401000-0x0000000000403000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2220-5-0x0000000000400000-0x000000000044A000-memory.dmp

      Filesize

      296KB

      Download