Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02-05-2024 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbb7984df83f7a7bf7dd3335d963839f9dec74fc7cb83cea840ec2141949cf46.exe

  • Size

    1.7MB

  • MD5

    cd956b35a1378870c1aafd2d2d5a6621

  • SHA1

    3dc055ee508e725b648566284cd76eee987d20f0

  • SHA256

    dbb7984df83f7a7bf7dd3335d963839f9dec74fc7cb83cea840ec2141949cf46

  • SHA512

    e194d936dee2fb0c4a91ada07a43353df877a185d85176c06619d6264ae9d3b53e31af92ee50cfb90d27c9330ed8bcf9e01629835796b3105684ec5e7e4b40cd

  • SSDEEP

    49152:VFKcjeOqD/WNb+1hY4fOVlT/DKu9Lq7V9B8:VFS/Yb+1hY4fOVlT/DKu9Lq

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbb7984df83f7a7bf7dd3335d963839f9dec74fc7cb83cea840ec2141949cf46.exe
    "C:\Users\Admin\AppData\Local\Temp\dbb7984df83f7a7bf7dd3335d963839f9dec74fc7cb83cea840ec2141949cf46.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:1124

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1124-15-0x00000000732A0000-0x000000007398E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1124-17-0x000000000B250000-0x000000000B262000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1124-2-0x0000000000150000-0x00000000001AA000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1124-128-0x00000000732A0000-0x000000007398E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1124-121-0x00000000732AE000-0x00000000732AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1124-12-0x000000000B650000-0x000000000BB4E000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/1124-20-0x000000000B300000-0x000000000B34B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1124-13-0x000000000B150000-0x000000000B1E2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1124-10-0x00000000732AE000-0x00000000732AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1124-16-0x000000000C160000-0x000000000C766000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/1124-14-0x00000000009B0000-0x00000000009BA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1124-18-0x000000000B4F0000-0x000000000B5FA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1124-19-0x000000000B2B0000-0x000000000B2EE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4904-1-0x000000000037F000-0x0000000000380000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4904-0-0x0000000000220000-0x000000000042D000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4904-9-0x0000000000220000-0x000000000042D000-memory.dmp

      Filesize

      2.1MB

      Download