Overview

overview

10

Static

static

3

5937b22886...1e.exe

windows7-x64

10

5937b22886...1e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10/11/2024, 00:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe

  • Size

    428KB

  • MD5

    c6c47b5772502c3e59a36541abce7fc4

  • SHA1

    18a4dc1615e86ae66337cef8005e1359e30112f8

  • SHA256

    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e

  • SHA512

    025f5a3f5da27b3c84d5a2e5151b85b64d3a106fa0e1526c539fb75e6653bdba6773b020f22ff925fb96908d9013ef7daf9e55439591d08b5976bb34b641e426

  • SSDEEP

    6144:HheiEHjdNxQbjcTIldEfxcLD0XN6uVQF5em6jozUXwO4i7hAX3oYjGmSp/w:HXU5GwBcLDIgBUXwO4i7hATjGm/

Score
10/10
redline1discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

45.9.20.59:46287

Attributes
  • auth_value

    ec6ada170bcec2e72f0e1f3954547f73

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    "C:\Users\Admin\AppData\Local\Temp\5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1688

Network

    No results found
  • 45.9.20.59:46287
    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    152 B
     3
  • 45.9.20.59:46287
    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    152 B
     3
  • 45.9.20.59:46287
    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    152 B
     3
  • 45.9.20.59:46287
    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    152 B
     3
  • 45.9.20.59:46287
    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    152 B
     3
  • 45.9.20.59:46287
    5937b2288651fa1fcf9559a07f73a19a94e42c72da5ae5f42f0a7f6efc4e6e1e.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-1-0x0000000000270000-0x0000000000370000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1688-2-0x00000000004F0000-0x0000000000529000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1688-3-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1688-4-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/1688-5-0x0000000002030000-0x0000000002064000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1688-6-0x0000000002060000-0x0000000002092000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1688-19-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-7-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-31-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-36-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-8-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-44-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-62-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-10-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-12-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-14-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-16-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-22-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-24-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-26-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-32-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-34-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-42-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-50-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-60-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-70-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-68-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-66-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-64-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-58-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-56-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-54-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-52-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-48-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-46-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-40-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-38-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-28-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-20-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1688-957-0x0000000000270000-0x0000000000370000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1688-958-0x00000000004F0000-0x0000000000529000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1688-960-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.