Overview

overview

10

Static

static

3

0691b5a648...08.exe

windows10-2004-x64

10

16d27a379d...0f.exe

windows7-x64

3

16d27a379d...0f.exe

windows10-2004-x64

10

2142fb28cf...7f.exe

windows10-2004-x64

7

2590c6aee0...47.exe

windows7-x64

3

2590c6aee0...47.exe

windows10-2004-x64

10

2dfb67bcaf...0e.exe

windows7-x64

3

2dfb67bcaf...0e.exe

windows10-2004-x64

10

37da8385b8...9b.exe

windows7-x64

3

37da8385b8...9b.exe

windows10-2004-x64

10

3aaf26e7fb...53.exe

windows7-x64

3

3aaf26e7fb...53.exe

windows10-2004-x64

10

40299e478c...3e.exe

windows7-x64

3

40299e478c...3e.exe

windows10-2004-x64

10

55b18033bb...53.exe

windows7-x64

3

55b18033bb...53.exe

windows10-2004-x64

10

58f1ac441f...dd.exe

windows7-x64

3

58f1ac441f...dd.exe

windows10-2004-x64

10

6f9c093ac1...fd.exe

windows10-2004-x64

10

88157ed09f...7d.exe

windows10-2004-x64

10

8e29739d0d...c3.exe

windows10-2004-x64

10

9a9db30ba7...e4.exe

windows10-2004-x64

10

ab51d9c4b8...12.exe

windows10-2004-x64

10

b9493d5cc0...9a.exe

windows7-x64

3

b9493d5cc0...9a.exe

windows10-2004-x64

10

d5fab2df25...eb.exe

windows10-2004-x64

10

fab3fc05cf...79.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0691b5a648eb75146ff1c98264b40a610cecafe4f5a7c2399c6ae1e3ab936d08.exe

  • Size

    316KB

  • MD5

    acf2f1e7608dff6d13c0d7eb977d8fae

  • SHA1

    521b70268d2d9ee9b88d92e018cc0b1e1617c2b5

  • SHA256

    0691b5a648eb75146ff1c98264b40a610cecafe4f5a7c2399c6ae1e3ab936d08

  • SHA512

    5ce95cd430ef5c5694cda6c9915d57492b9cc4b41880fc518eaeb4d982f9d4c0bc0e2bf40b58b207af77eadcefb4af7a03f8a8854a81d2592a0e2fcd48a0fa60

  • SSDEEP

    6144:Kyy+bnr+rp0yN90QE296G62nMnLfkhst2o9geNBdlabNE6K:eMrny902g2MnLfBx9gYdlZ

Score
10/10
redlinedebroinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0691b5a648eb75146ff1c98264b40a610cecafe4f5a7c2399c6ae1e3ab936d08.exe
    "C:\Users\Admin\AppData\Local\Temp\0691b5a648eb75146ff1c98264b40a610cecafe4f5a7c2399c6ae1e3ab936d08.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\f5957030.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\f5957030.exe
      2⤵
      • Executes dropped EXE
      PID:3660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\f5957030.exe
    Filesize

    168KB

    MD5

    24fcc03280e8514857d0f5d036c1c8f1

    SHA1

    8e14128b1ee347b66292d223b5c8a8de249d6a46

    SHA256

    de022de4f980f527032baaccf14f21c73aae534887b65d8112db10d395ed182a

    SHA512

    1d46f73ec4e2eafc90f6437877eb8123eebd26c200b33f2e600653164917041aeff645b56581e1f0b1b1c10ade0a641232d80d37d1d64ad1b23ec42d30c6739e

    Download Submit

  • memory/3660-7-0x0000000073E3E000-0x0000000073E3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3660-8-0x0000000000630000-0x000000000065E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3660-9-0x0000000004E50000-0x0000000004E56000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3660-10-0x000000000A9E0000-0x000000000AFF8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3660-11-0x000000000A4D0000-0x000000000A5DA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3660-12-0x000000000A3E0000-0x000000000A3F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3660-13-0x000000000A440000-0x000000000A47C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3660-14-0x0000000073E30000-0x00000000745E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3660-15-0x00000000027E0000-0x000000000282C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3660-16-0x0000000073E3E000-0x0000000073E3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3660-17-0x0000000073E30000-0x00000000745E0000-memory.dmp

    Filesize

    7.7MB

    Download