Overview

overview

10

Static

static

3

0c6c2d0289...f8.exe

windows10-2004-x64

10

149fc3f5cd...c0.exe

windows10-2004-x64

10

17abfd1473...cb.exe

windows7-x64

17abfd1473...cb.exe

windows10-2004-x64

17fde5d9ca...37.exe

windows10-2004-x64

10

51b44e7fef...e7.exe

windows7-x64

3

51b44e7fef...e7.exe

windows10-2004-x64

10

5edd9114ea...eb.exe

windows10-2004-x64

10

607e9555a1...15.exe

windows10-2004-x64

10

771bceb036...61.exe

windows7-x64

3

771bceb036...61.exe

windows10-2004-x64

10

86c5796c09...91.exe

windows10-2004-x64

10

8e17ec5c24...4f.exe

windows10-2004-x64

10

9d868256e0...f2.exe

windows7-x64

3

9d868256e0...f2.exe

windows10-2004-x64

10

a4fbd5dfa9...dd.exe

windows7-x64

10

a4fbd5dfa9...dd.exe

windows10-2004-x64

10

ab04398202...f0.exe

windows7-x64

3

ab04398202...f0.exe

windows10-2004-x64

10

ae84a96154...3c.exe

windows7-x64

3

ae84a96154...3c.exe

windows10-2004-x64

10

b6d80ad1fb...61.exe

windows7-x64

3

b6d80ad1fb...61.exe

windows10-2004-x64

10

bdc8be1708...f2.exe

windows10-2004-x64

10

e50229ae81...53.exe

windows10-2004-x64

10

e74fd85e9a...2a.exe

windows7-x64

3

e74fd85e9a...2a.exe

windows10-2004-x64

10

f09814000e...42.exe

windows7-x64

3

f09814000e...42.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c6c2d02897cd3a48d87eb9ffccb7da326368f5af9973827701f7f11a02f33f8.exe

  • Size

    488KB

  • MD5

    6db49a95e667692ec21e46a40379b81f

  • SHA1

    2d4a57435a5ff349ac5b9db8485a4a1e7d4aa700

  • SHA256

    0c6c2d02897cd3a48d87eb9ffccb7da326368f5af9973827701f7f11a02f33f8

  • SHA512

    ef16e77b5398ce12031a69603d9a0c8a97661193e88e1d8f3cefd8e6848f7044554feade11190d0b580901894a11aea539d7715156bd91b02c075579a9c53329

  • SSDEEP

    6144:KHy+bnr+ap0yN90QE8japPvZZXrsPZ0zNuxthOHHpHhzv9XDc6WtTcQ7Zlo7s:lMrGy90nj7sZ0zNWIdhRXDcVtTcWHoI

Score
10/10
redlinedebroinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c6c2d02897cd3a48d87eb9ffccb7da326368f5af9973827701f7f11a02f33f8.exe
    "C:\Users\Admin\AppData\Local\Temp\0c6c2d02897cd3a48d87eb9ffccb7da326368f5af9973827701f7f11a02f33f8.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x8040960.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x8040960.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3172
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\f8594975.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\f8594975.exe
        3⤵
        • Executes dropped EXE
        PID:4584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x8040960.exe
    Filesize

    316KB

    MD5

    615269e97f8005dfc3152683f5d02a7c

    SHA1

    116bb50aa0a3cb1ab8bf9073d74285345772aa36

    SHA256

    b564c7d66b835f031b882f6d0377e051cff14795584ea7bd34dc4552cd7fb7d4

    SHA512

    1ddc985a2a9c4a6207d413cc02ce95e30b7ee76e19c971c92ed2222ca164cb1433ea52c35d3b2a3ba8f4b5fb52b63a982af5bb627c97209505585ff63b503ef3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\f8594975.exe
    Filesize

    168KB

    MD5

    7d03b32d830d2b1ca87ed15f1b4ed47f

    SHA1

    f2b13e48e91e5aac429921ae40e868518bfa80f5

    SHA256

    2b38b49dbbbb0d078179250736b369715cd60c17ce6b4492cc38b6e579be6154

    SHA512

    ca6705962c52ffad4a228d5eca37d385214994c4e45dd600d4777851687115b1eae7cd00803e961461f5cbe38392deb1551351fb21ae131678beb3a8e3f478cf

    Download Submit

  • memory/4584-14-0x00000000747AE000-0x00000000747AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4584-15-0x0000000000F80000-0x0000000000FAE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4584-16-0x0000000003160000-0x0000000003166000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4584-19-0x0000000005830000-0x0000000005842000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4584-18-0x0000000005BC0000-0x0000000005CCA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4584-20-0x0000000005AB0000-0x0000000005AEC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4584-21-0x00000000747A0000-0x0000000074F50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4584-17-0x00000000060D0000-0x00000000066E8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4584-22-0x0000000005AF0000-0x0000000005B3C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4584-23-0x00000000747AE000-0x00000000747AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4584-24-0x00000000747A0000-0x0000000074F50000-memory.dmp

    Filesize

    7.7MB

    Download