Overview

overview

10

Static

static

3

196993766d...e4.exe

windows10-2004-x64

10

2cb02eeff0...07.exe

windows10-2004-x64

10

515ca9dbb0...70.exe

windows10-2004-x64

10

637e68df5f...fc.exe

windows10-2004-x64

10

67adfef018...3f.exe

windows10-2004-x64

10

753ea0d141...ee.exe

windows10-2004-x64

10

75a099d51b...a2.exe

windows10-2004-x64

10

7bc60a53f2...61.exe

windows10-2004-x64

10

878c11674c...59.exe

windows10-2004-x64

10

905a82b666...03.exe

windows10-2004-x64

10

9e0acffebc...ef.exe

windows10-2004-x64

10

9e61b06119...c5.exe

windows10-2004-x64

10

a8e7ed480b...c2.exe

windows10-2004-x64

10

b55e0e5824...a8.exe

windows10-2004-x64

10

b6f3ae7c80...fd.exe

windows10-2004-x64

10

c3d6d3e893...ba.exe

windows10-2004-x64

10

d68f556e86...13.exe

windows10-2004-x64

10

f67e1f80fb...aa.exe

windows10-2004-x64

10

fb8a184cad...cb.exe

windows10-2004-x64

10

fe5b99ae2f...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    878c11674c0d8a2d45512540cc40d386c9d9226a6518be88109168224c8be159.exe

  • Size

    684KB

  • MD5

    c0e22770f7c2e9dfc4556c481bd60236

  • SHA1

    d29db9fb6a35942ffeec3e263000b3d239f6250b

  • SHA256

    878c11674c0d8a2d45512540cc40d386c9d9226a6518be88109168224c8be159

  • SHA512

    ea276c2faf5ff9ef7e199dfee7efe16cd443df3bc4f5b471cce67a13bd122c8690e78bbdd6bf4ea8739465782b626b821413b9891e446be1988fadfb249846f1

  • SSDEEP

    12288:KMrAy90VVPvKRok2+cz6hWtiK1gOVie2lJ6Zi7G0c+973sauRd:eyCUpdthWMKGDj9rs3Rd

Score
10/10
redlinebubeninfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

buben

C2

77.91.124.82:19071

Attributes
  • auth_value

    c62fa04aa45f5b78f62d2c21fcbefdec

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\878c11674c0d8a2d45512540cc40d386c9d9226a6518be88109168224c8be159.exe
    "C:\Users\Admin\AppData\Local\Temp\878c11674c0d8a2d45512540cc40d386c9d9226a6518be88109168224c8be159.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4624
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x5526257.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x5526257.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1588
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\h2954098.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\h2954098.exe
        3⤵
        • Executes dropped EXE
        PID:1112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x5526257.exe
    Filesize

    292KB

    MD5

    c4983f19af462412a6a521f8f402c4c2

    SHA1

    85190fee48f33650377577d1190293a1c4399967

    SHA256

    f6ea34b7d03523f98ca984be5fffbd855c117dbe73b6d32933f3f8e2ee95501e

    SHA512

    3c7357da7c50eebfb9e8b7f5c58d14d99cdad231c9a5870095f3464f76841f4410139f45d6f603d563cca09e5466ef8e58b2de333da1cce1502f3c6fc81291b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\h2954098.exe
    Filesize

    174KB

    MD5

    b3bea781853c616141de5a14e2e144f8

    SHA1

    73f9ac132648bdd17265b5e61f981918d0c745b1

    SHA256

    1060b8751d246b4e796410bb56b921c1f23e5589252bb220d422115bd1e61cb1

    SHA512

    4f2c06c1355c05134bdd273c1e1e440fcbfa111a11e91df1e7654c498e9d21f5d0a43bb169b409964e437c684487399249e797eaa5242fd05b3609facdcd24f0

    Download Submit

  • memory/1112-14-0x0000000073CCE000-0x0000000073CCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1112-15-0x0000000000DB0000-0x0000000000DE0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1112-16-0x0000000002F90000-0x0000000002F96000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1112-17-0x000000000B0D0000-0x000000000B6E8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1112-18-0x000000000AC20000-0x000000000AD2A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1112-19-0x000000000AB60000-0x000000000AB72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1112-20-0x000000000ABC0000-0x000000000ABFC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1112-21-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1112-22-0x0000000005130000-0x000000000517C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1112-23-0x0000000073CCE000-0x0000000073CCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1112-24-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download