Analysis
-
max time kernel
298s -
max time network
305s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
26-05-2024 18:47
General
-
Target
build.exe
-
Size
300KB
-
MD5
cf7f3392c40731f6dbfb0f2030f1d4c8
-
SHA1
d7d57d41aaffd5a251e0f10148d0f2254bd1a063
-
SHA256
ed51cf1b4599a9b8a9f5292245b2efb43b4db569bf72c8f9e4b75307551933c3
-
SHA512
92d5d81864336317443e230d5e3a7d48e10610ef1f9bdad44e14d05cf390cf9982c9885123749dce7ee2194830313597dfe14ca106c38aa7d11ab27cc74eaf89
-
SSDEEP
3072:GcZqf7D34qp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxzk3R4eqiOL2bBOA:GcZqf7DIqnGapB1fA0GTV8k2YL
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
1234
C2
uk2.localto.net:8899
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\build.exe"C:\Users\Admin\AppData\Local\Temp\build.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1460-0-0x0000000073D6E000-0x0000000073D6F000-memory.dmpFilesize
4KB
-
memory/1460-1-0x0000000000D70000-0x0000000000DC2000-memory.dmpFilesize
328KB
-
memory/1460-2-0x0000000005BB0000-0x00000000060AE000-memory.dmpFilesize
5.0MB
-
memory/1460-3-0x00000000056B0000-0x0000000005742000-memory.dmpFilesize
584KB
-
memory/1460-4-0x0000000005790000-0x000000000579A000-memory.dmpFilesize
40KB
-
memory/1460-5-0x0000000073D60000-0x000000007444E000-memory.dmpFilesize
6.9MB
-
memory/1460-6-0x00000000066C0000-0x0000000006CC6000-memory.dmpFilesize
6.0MB
-
memory/1460-7-0x0000000005A10000-0x0000000005B1A000-memory.dmpFilesize
1.0MB
-
memory/1460-8-0x0000000005880000-0x0000000005892000-memory.dmpFilesize
72KB
-
memory/1460-9-0x00000000058E0000-0x000000000591E000-memory.dmpFilesize
248KB
-
memory/1460-10-0x0000000005920000-0x000000000596B000-memory.dmpFilesize
300KB
-
memory/1460-11-0x0000000073D6E000-0x0000000073D6F000-memory.dmpFilesize
4KB
-
memory/1460-12-0x0000000073D60000-0x000000007444E000-memory.dmpFilesize
6.9MB