Overview

overview

10

Static

static

3

07ebb70eb0...5f.exe

windows7-x64

3

07ebb70eb0...5f.exe

windows10-2004-x64

10

0b4bb67302...ca.exe

windows10-2004-x64

9

0fbb8ff4cb...49.exe

windows10-2004-x64

10

108e20eafa...c7.exe

windows7-x64

3

108e20eafa...c7.exe

windows10-2004-x64

10

1522207077...0f.exe

windows10-2004-x64

10

23fcf9bc69...25.exe

windows10-2004-x64

10

2ca9135451...23.exe

windows7-x64

3

2ca9135451...23.exe

windows10-2004-x64

10

42f53acaac...33.exe

windows10-2004-x64

10

45af188d23...c0.exe

windows10-2004-x64

10

82fa18f52c...32.exe

windows7-x64

3

82fa18f52c...32.exe

windows10-2004-x64

10

8672d19897...4f.exe

windows10-2004-x64

10

8ceedf9abd...f7.exe

windows10-2004-x64

10

99cc81196c...15.exe

windows7-x64

3

99cc81196c...15.exe

windows10-2004-x64

10

a2aa61942b...83.exe

windows7-x64

3

a2aa61942b...83.exe

windows10-2004-x64

10

c467adbd48...9e.exe

windows10-2004-x64

10

f7dfe59831...a0.exe

windows10-2004-x64

10

fc29a80a1c...7d.exe

windows10-2004-x64

10

fdc14a13fe...6d.exe

windows7-x64

fdc14a13fe...6d.exe

windows10-2004-x64

Analysis

  • max time kernel
    131s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 10:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc29a80a1c0ea6d57ecb3f789dcbe2b8e849edb11597f13dbeea0b0dedb5237d.exe

  • Size

    316KB

  • MD5

    ef6416e3172e673b5ada872fbed25045

  • SHA1

    699e786014ee414bc2ba9eb3c8018c3374765a61

  • SHA256

    fc29a80a1c0ea6d57ecb3f789dcbe2b8e849edb11597f13dbeea0b0dedb5237d

  • SHA512

    c283fd9662e708d16561fc81193104d8cc90635661d9126c66269ae9f17c964aaa872c01082a70f35416fdf565a8a8b404bc0e037240918c5a8f6fbcd952db9b

  • SSDEEP

    6144:KPy+bnr+vp0yN90QEC96G62nMJWeNy2DrsdeVjoLZu:ZMrDy90Cg2MN9DrsdepOu

Score
10/10
redlinedebroinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc29a80a1c0ea6d57ecb3f789dcbe2b8e849edb11597f13dbeea0b0dedb5237d.exe
    "C:\Users\Admin\AppData\Local\Temp\fc29a80a1c0ea6d57ecb3f789dcbe2b8e849edb11597f13dbeea0b0dedb5237d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\f5235728.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\f5235728.exe
      2⤵
      • Executes dropped EXE
      PID:3516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\f5235728.exe
    Filesize

    168KB

    MD5

    5b7bda074785473bf934cd06139acac1

    SHA1

    0310d72e89624616b5f2b93a660880f4d25abc27

    SHA256

    2bb3637bf6b44a2988a5b1d7005e7a67fa646e485cc26afdf5e3e25415d6b3fb

    SHA512

    f1cc0ae7f47c854525235559ca114a7e02e6ed38f69de99934ea48ce3e8c50acc1fa0a214e8e2673926c1e932b0e5485ece5381f69f2d54da48e229b0848250f

    Download Submit

  • memory/3516-7-0x00000000745BE000-0x00000000745BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3516-8-0x00000000009D0000-0x00000000009FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3516-9-0x0000000002D30000-0x0000000002D36000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3516-10-0x0000000005930000-0x0000000005F48000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3516-12-0x0000000005350000-0x0000000005362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3516-11-0x0000000005420000-0x000000000552A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3516-13-0x00000000745B0000-0x0000000074D60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3516-14-0x00000000053B0000-0x00000000053EC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3516-15-0x0000000005530000-0x000000000557C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3516-16-0x00000000745BE000-0x00000000745BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3516-17-0x00000000745B0000-0x0000000074D60000-memory.dmp

    Filesize

    7.7MB

    Download