Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-05-2024 01:21

General

  • Target

    003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c.exe

  • Size

    345KB

  • MD5

    70f89fca6b4c567a01bb11bf35f6c97b

  • SHA1

    145d3fa79d4abb850be566f985ab8f5aa82b1007

  • SHA256

    003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c

  • SHA512

    2b24b525a66e7686929dbe4c6b1076818b65d0d9f6919d5e0f4599bc056f7d5c78b9b79b3f5e8c4f20f53e2be738f1d3128b6b137a0a2fce6a26e6e9b34071af

  • SSDEEP

    6144:aOuEAIGL/9jUxx8PNSjBM4/5lfKOGQ80sh3A7U1ZycH1ZJbmnOYBf:a1EtGj9jUPg25ggYUk9VZJbmOU
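The four digests above identify the sample exactly; a practitioner checking a quarantined file against this report should compare all of them, not just the MD5, so that a transcription error or a deliberate collision on one algorithm does not produce a false match. The following is an added example (not part of the sandbox report) that streams a file through all four hashes in one pass and sweeps a directory for the reported sample. `sweep`, `digest_file` and the other function names are this example's own; SSDEEP is left out because it needs the third-party `ssdeep` module rather than the standard library.

```python
import hashlib
from pathlib import Path

# Digests copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "70f89fca6b4c567a01bb11bf35f6c97b",
    "sha1": "145d3fa79d4abb850be566f985ab8f5aa82b1007",
    "sha256": "003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c",
    "sha512": "2b24b525a66e7686929dbe4c6b1076818b65d0d9f6919d5e0f4599bc056f7d5c"
              "78b9b79b3f5e8c4f20f53e2be738f1d3128b6b137a0a2fce6a26e6e9b34071af",
}


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in a single read pass,
    so a large sample is never loaded into memory whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict) -> dict:
    """Per-algorithm verdict: does each computed digest equal the reported one?"""
    return {name: digests.get(name, "").lower() == value
            for name, value in REPORT_DIGESTS.items()}


def is_reported_sample(digests: dict) -> bool:
    """True only when every listed digest matches. A partial match (say MD5 only)
    is a transcription error or a collision attempt, not the sample in the report."""
    return all(match_report(digests).values())


def sweep(directory) -> list:
    """Hash every regular file under `directory`; return the paths that are this sample."""
    hits = []
    for p in Path(directory).rglob("*"):
        if p.is_file() and is_reported_sample(digest_file(p)):
            hits.append(str(p))
    return hits
```

Run `sweep(r"C:\Quarantine")` (hypothetical path) to list matching files; `match_report` is useful on its own when a ticket quotes only one or two of the digests and you want to see which ones disagree.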

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes
  • auth_value

    be14ae67c6dd227f622680a27ea42452
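The extracted configuration gives the one indicator that survives repacking of the binary: the C2 socket 193.106.191.22:47242 (the botnet tag "neruzki" and auth_value identify the build, not the infrastructure). The following is an added example, not part of the sandbox report, that turns that socket into two hunting artifacts: a scan of `netstat -ano` style output for processes connected to it, and a Suricata rule for the network edge. The netstat lines are a constructed sample (the PIDs and addresses other than the C2 are invented for illustration); `find_c2_connections` and `suricata_rule` are this example's own names, and the rule text uses the standard Suricata keywords only.

```python
import ipaddress
import re

# Values from the report's Malware Config section.
C2 = "193.106.191.22:47242"
BOTNET = "neruzki"


def parse_c2(endpoint: str):
    """Split 'ip:port' into a validated (ip_address, int) pair."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host)
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in {endpoint!r}")
    return ip, port


# Constructed `netstat -ano` output; only the C2 row mirrors the report.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49710         40.126.31.8:443        ESTABLISHED     1120
  TCP    10.0.0.5:49712         193.106.191.22:47242   ESTABLISHED     4484
  TCP    10.0.0.5:49713         193.106.191.22:80      TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2204
"""

NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>[A-Z_]+)?\s*(?P<pid>\d+)\s*$"
)


def find_c2_connections(netstat_text: str, endpoint: str = C2) -> list:
    """Return (pid, kind, state) for TCP sockets whose peer is the C2 address.
    kind is 'c2' for an exact ip:port match and 'ip-only' when the IP matches
    on another port, so the analyst sees it without mistaking it for a
    confirmed C2 session. Bracketed IPv6 peers are skipped."""
    c2_ip, c2_port = parse_c2(endpoint)
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m or m["proto"] != "TCP":
            continue
        rhost, _, rport = m["remote"].rpartition(":")
        try:
            rip = ipaddress.ip_address(rhost)
        except ValueError:
            continue
        if rip != c2_ip:
            continue
        kind = "c2" if int(rport) == c2_port else "ip-only"
        hits.append((int(m["pid"]), kind, m["state"] or ""))
    return hits


def suricata_rule(endpoint: str = C2, sid: int = 9000001) -> str:
    """Emit a Suricata rule alerting on outbound sessions to the C2 socket.
    The sid is a placeholder in the local-rules range; pick your own."""
    ip, port = parse_c2(endpoint)
    return (f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"RedLine C2 outbound ({BOTNET})"; flow:to_server,established; '
            f"metadata:malware_family redline, botnet {BOTNET}; sid:{sid}; rev:1;)")
```

On a live host the input would be the output of `netstat -ano`; the PID reported for the exact match is the process to dump and examine, which in the sandbox run above would be the sample itself (PID 4484).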

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload (35 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\003ed8d254100143b754e858ec6744b230b703634eb73083ca68b955f7563e7c.exe"
    Tree depth: 1
    • Suspicious use of AdjustPrivilegeToken
    PID: 4484

Network

Downloads

Memory dumps taken from PID 4484. Names follow memory/<pid>-<snapshot>-<start>-<end>-memory.dmp; the table is sorted by snapshot number, and the 33 dumps of the same 0x2570000-0x25B4000 range are collapsed into one row.

  Snapshot     Region                                      Filesize
  1            0x0000000000930000-0x0000000000A30000       1024KB
  2            0x0000000000850000-0x00000000008A9000       356KB
  3            0x0000000000400000-0x000000000045C000       368KB
  4            0x0000000000400000-0x00000000005B1000       1.7MB
  5            0x00000000024C0000-0x000000000250C000       304KB
  6            0x0000000005080000-0x0000000005624000       5.6MB
  7            0x0000000002570000-0x00000000025B8000       288KB
  8-71 (*)     0x0000000002570000-0x00000000025B4000       272KB
  800          0x0000000005630000-0x0000000005C48000       6.1MB
  801          0x0000000002790000-0x00000000027A2000       72KB
  802          0x0000000004EE0000-0x0000000004FEA000       1.0MB
  803          0x00000000027B0000-0x00000000027EC000       240KB
  804          0x0000000004FF0000-0x000000000503C000       304KB
  806          0x0000000000930000-0x0000000000A30000       1024KB

  (*) 33 dumps: snapshot 8, every odd snapshot from 9 to 61, and snapshots 64, 65, 67, 69 and 71. Each is memory/4484-<snapshot>-0x0000000002570000-0x00000000025B4000-memory.dmp, 272KB.
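Forty-six dumps of one process is too many to open blind. Two features of the list are worth reading first: the 0x2570000-0x25B4000 range was dumped far more often than any other, and the image base 0x400000 appears with two different end addresses (0x45C000, then 0x5B1000). On the data shown here, the second is consistent with the on-disk image being replaced in place by a larger unpacked payload, and the first with a buffer the sandbox kept re-dumping as its contents changed; both are inferences from the names, not findings stated by the report. The following is an added example, not part of the sandbox report, that parses the dump names exactly as listed above, checks that each size in the Filesize column follows from its address range, and pulls out those two regions of interest. `triage`, `size_label` and the other names are this example's own.

```python
import re
from collections import defaultdict

# Dump names exactly as listed in the report's Downloads section (all from PID 4484).
DUMPS = [
    "memory/4484-1-0x0000000000930000-0x0000000000A30000-memory.dmp",
    "memory/4484-2-0x0000000000850000-0x00000000008A9000-memory.dmp",
    "memory/4484-3-0x0000000000400000-0x000000000045C000-memory.dmp",
    "memory/4484-4-0x0000000000400000-0x00000000005B1000-memory.dmp",
    "memory/4484-5-0x00000000024C0000-0x000000000250C000-memory.dmp",
    "memory/4484-6-0x0000000005080000-0x0000000005624000-memory.dmp",
    "memory/4484-7-0x0000000002570000-0x00000000025B8000-memory.dmp",
    "memory/4484-800-0x0000000005630000-0x0000000005C48000-memory.dmp",
    "memory/4484-801-0x0000000002790000-0x00000000027A2000-memory.dmp",
    "memory/4484-802-0x0000000004EE0000-0x0000000004FEA000-memory.dmp",
    "memory/4484-803-0x00000000027B0000-0x00000000027EC000-memory.dmp",
    "memory/4484-804-0x0000000004FF0000-0x000000000503C000-memory.dmp",
    "memory/4484-806-0x0000000000930000-0x0000000000A30000-memory.dmp",
]
# The report lists the 0x2570000-0x25B4000 range 33 times; generated here to save space.
DUMPS += [f"memory/4484-{i}-0x0000000002570000-0x00000000025B4000-memory.dmp"
          for i in [8, *range(9, 62, 2), 64, 65, 67, 69, 71]]

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<snap>\d+)-(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name: str) -> dict:
    """Split a sandbox dump name into pid, snapshot index and the dumped address range."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"inverted range in {name!r}")
    return {"pid": int(m["pid"]), "snap": int(m["snap"]),
            "start": start, "end": end, "size": end - start}


def size_label(nbytes: int) -> str:
    """Render a byte count the way the report's Filesize column does. The rule
    (KB up to 1024KB, otherwise MB to one decimal) is inferred from the report's
    own values, which it reproduces for every row above."""
    kib = nbytes / 1024
    return f"{kib:.0f}KB" if kib <= 1024 else f"{nbytes / 1048576:.1f}MB"


def triage(names) -> dict:
    """Group dumps by address range and report the two things to open first:
    the range dumped most often, and any base address dumped with more than one
    end address (a region that changed size in place)."""
    dumps = sorted((parse_dump_name(n) for n in names), key=lambda d: d["snap"])
    by_range = defaultdict(list)
    ends_by_base = defaultdict(set)
    for d in dumps:
        by_range[(d["start"], d["end"])].append(d["snap"])
        ends_by_base[d["start"]].add(d["end"])
    (hot_start, hot_end), hot_snaps = max(by_range.items(), key=lambda kv: len(kv[1]))
    resized = {hex(base): [hex(e) for e in sorted(ends)]
               for base, ends in ends_by_base.items() if len(ends) > 1}
    return {
        "pids": sorted({d["pid"] for d in dumps}),
        "dump_count": len(dumps),
        "distinct_ranges": len(by_range),
        "hottest_range": (hex(hot_start), hex(hot_end),
                          size_label(hot_end - hot_start), len(hot_snaps)),
        "resized_bases": resized,
    }
```

For this report `triage(DUMPS)` flags 0x2570000-0x25B4000 (272KB, 33 dumps) as the hottest range and 0x400000 and 0x2570000 as the bases whose extent changed; snapshot 4 at 0x400000-0x5B1000 is the first dump to open when looking for the unpacked RedLine payload the signature section refers to.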