Overview

overview

10

Static

static

3

1668096fbf...95.exe

windows10-2004-x64

10

2159151861...2d.exe

windows10-2004-x64

10

22c5bd0a3e...19.exe

windows10-2004-x64

10

2a0ae333a9...1a.exe

windows7-x64

3

2a0ae333a9...1a.exe

windows10-2004-x64

10

4f86d48b3d...df.exe

windows10-2004-x64

10

53ecffef24...36.exe

windows10-2004-x64

10

75ccbf328f...af.exe

windows10-2004-x64

10

77ba6e9303...c2.exe

windows10-2004-x64

10

798aee8abb...5b.exe

windows10-2004-x64

10

79eaddd1dc...70.exe

windows10-2004-x64

10

80ada740eb...52.exe

windows10-2004-x64

10

9e3cf610e6...f0.exe

windows7-x64

10

9e3cf610e6...f0.exe

windows10-2004-x64

10

a5bd0160df...49.exe

windows10-2004-x64

10

aee53fccee...da.exe

windows10-2004-x64

10

af9c5ff480...30.exe

windows7-x64

3

af9c5ff480...30.exe

windows10-2004-x64

10

bfe644d3bd...29.exe

windows10-2004-x64

10

ca9f078739...a4.exe

windows10-2004-x64

10

dda511575f...2f.exe

windows10-2004-x64

10

ff541e0752...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e3cf610e66102e164150efe5b2dee630cac04b4e4e29770c91180e956b39df0.exe

  • Size

    1.1MB

  • MD5

    74528821220b4f1ffd8a0c91852abd0f

  • SHA1

    2e9219f3fdb0e6341840bf9c58cfc4fca352338b

  • SHA256

    9e3cf610e66102e164150efe5b2dee630cac04b4e4e29770c91180e956b39df0

  • SHA512

    27769622b4c8807c63c8ebee8e166f1fd46fa5cb606f0b54df9fa3f6364ea684011e0e5f749546ffc4c530959deb784c99e52aef2e93228889d9e3225a35577e

  • SSDEEP

    12288:9AxJ1c9psKtwW7IhuOXUPJuI85i8gTohuVohatk6j0O/H9lm0:9i1c9psKtwW7m3iM5i8VKtvj0GH9l

Score
10/10
redlinebrehainfostealer

Malware Config

Extracted

Family

redline

Botnet

breha

C2

77.91.124.55:19071

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e3cf610e66102e164150efe5b2dee630cac04b4e4e29770c91180e956b39df0.exe
    "C:\Users\Admin\AppData\Local\Temp\9e3cf610e66102e164150efe5b2dee630cac04b4e4e29770c91180e956b39df0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3088
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:4000
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 204
        2⤵
        • Program crash
        PID:1332
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3088 -ip 3088
      1⤵
        PID:2292

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4000-0-0x0000000000400000-0x000000000043E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/4000-1-0x000000007449E000-0x000000007449F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4000-2-0x0000000007CB0000-0x0000000008254000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4000-3-0x00000000077E0000-0x0000000007872000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4000-4-0x0000000004DC0000-0x0000000004DCA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4000-5-0x0000000074490000-0x0000000074C40000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4000-6-0x0000000008880000-0x0000000008E98000-memory.dmp

        Filesize

        6.1MB

        Download

      • memory/4000-7-0x0000000008260000-0x000000000836A000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4000-8-0x0000000007B20000-0x0000000007B32000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4000-9-0x0000000007B80000-0x0000000007BBC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/4000-10-0x0000000007BC0000-0x0000000007C0C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4000-11-0x000000007449E000-0x000000007449F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4000-12-0x0000000074490000-0x0000000074C40000-memory.dmp

        Filesize

        7.7MB

        Download