Overview

overview

10

Static

static

3

urdG51OK22.exe

windows7-x64

10

urdG51OK22.exe

windows10-2004-x64

10

wrhf66hI61.exe

windows7-x64

10

wrhf66hI61.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wrhf66hI61.exe

  • Size

    290KB

  • MD5

    8fee42f989bab807a7e66858ba5fe89d

  • SHA1

    2f0c74aba0b54d351ac033248a718fa08edbfd91

  • SHA256

    0b8c7c56907917d4b837cb95e0f7f47223d4457ddddd5986922cd7e3d61d70e5

  • SHA512

    d4e1289b7bd0255a74eb8b85b552326ef288d45a9c69188a70215ecba62c984ecdb2ebb8ded103a699d109bf6d82ade212ed7c3dda8e04e780a79593cc3f6926

  • SSDEEP

    6144:og4xXooJCL9VLrkknlnwfo5wo+Nc3heJACEWdYCPoj:ogu4o0oklnwfoio+UwACEWdYlj

Score
10/10
redlinerostodiscoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wrhf66hI61.exe
    "C:\Users\Admin\AppData\Local\Temp\wrhf66hI61.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2932

Network

  • flag-us
    DNS
    hueref.eu
    wrhf66hI61.exe
    Remote address:
    8.8.8.8:53
    Request
    hueref.eu
    IN A
    Response
No results found
  • 8.8.8.8:53
    hueref.eu
    dns
    wrhf66hI61.exe
    55 B
     109 B
     1
    1

    DNS Request

    hueref.eu

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2932-1-0x0000000000690000-0x0000000000790000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2932-2-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2932-3-0x0000000000400000-0x000000000058D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2932-4-0x00000000023F0000-0x0000000002436000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2932-5-0x0000000002430000-0x0000000002474000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2932-6-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-7-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-9-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-11-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-13-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-19-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-43-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-61-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-69-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-67-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-65-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-63-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-59-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-57-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-55-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-53-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-51-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-49-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-47-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-45-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-41-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-39-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-37-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-35-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-33-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-31-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-29-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-27-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-25-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-23-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-21-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-17-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-15-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2932-912-0x0000000000690000-0x0000000000790000-memory.dmp

    Filesize

    1024KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.