redline | 9eff518a31a5ca6d372d8c2e60820b3b014e884da27c4ce7482fefc9b80d4b7f | Triage

Analysis

max time kernel
7s
max time network
0s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 09:51

Sharing

Report Analysis Logs

General

Target

XcHvYYrNa.exe
Size

300KB
MD5

b9a421c6f519b309d05149b5388debc6
SHA1

f713cef1b438bc65d33ff7c1532b9ac4f9cd9fa2
SHA256

9eff518a31a5ca6d372d8c2e60820b3b014e884da27c4ce7482fefc9b80d4b7f
SHA512

25fb917f01e6b2543c47a25561e6ff2f15fe304558281e52694ed26ff046b8fcf74f9a2e023dca41b2f7ceae1349d48ed4cfabe93b9c69582be9c290218acbd6
SSDEEP

3072:ycZqf7D34Tp/0+mAWkyYHcQQg3/B1fA0PuTVAtkxz93REeqiOL2bBOA:ycZqf7DItnzXvB1fA0GTV8kHsL

Score

10^/10

redline solarahacked infostealer

Malware Config

Extracted

Family

redline

Botnet

SolaraHacked

C2

127.0.0.1:4444

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/1728-1-0x0000000000DD0000-0x0000000000E22000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\XcHvYYrNa.exe"
1⤵
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-0-0x0000000074CDE000-0x0000000074CDF000-memory.dmp

Filesize
4KB

Download
memory/1728-1-0x0000000000DD0000-0x0000000000E22000-memory.dmp

Filesize
328KB

Download
memory/1728-2-0x0000000074CD0000-0x00000000753BE000-memory.dmp

Filesize
6.9MB

Download