Overview

overview

10

Static

static

3

0c6e46254a...6N.exe

windows7-x64

10

0c6e46254a...6N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    02-02-2025 09:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c6e46254a2970331a9e4e06f799934368a76af445f24b8f734aee2dbbad6e46N.exe

  • Size

    292KB

  • MD5

    6bc8ed282353692ebc4f3117e4ecf850

  • SHA1

    6a13bad9455b1bbd5a996b4db226454de72b93e4

  • SHA256

    0c6e46254a2970331a9e4e06f799934368a76af445f24b8f734aee2dbbad6e46

  • SHA512

    c0bf8a2088679ebabf49a253e027c2651ee9a911e00ef2f43c7baf811830252b88817b335721fb00c1917190f93c776bf91357af76e3729d38b3e41a2c7a52ff

  • SSDEEP

    6144:cvd1MRI08ajawvs9TqeiQcw/FiXUXp/GFLsz7rFEvJiq:c1MRB8aNvsxq41XV8Lsz7rFEv

Score
10/10
redlinework100discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

work100

C2

193.233.132.4:62111

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c6e46254a2970331a9e4e06f799934368a76af445f24b8f734aee2dbbad6e46N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c6e46254a2970331a9e4e06f799934368a76af445f24b8f734aee2dbbad6e46N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2568-0-0x0000000000402000-0x0000000000404000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2568-1-0x00000000002C0000-0x00000000002FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2568-5-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download