Analysis
max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
30-06-2024 03:03
Static task
static1
Behavioral task
behavioral1
Sample
RedLineStealer.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
RedLineStealer.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
RedLineStealer.exe
Resource
win11-20240508-en
Behavioral task
behavioral4
Sample
RedLineStealer.exe
Resource
android-x64-arm64-20240624-en
General
Target
RedLineStealer.exe
Size
512KB
MD5
a957dc16d684fbd7e12fc87e8ee12fea
SHA1
20c73ccfdba13fd9b79c9e02432be39e48e4b37d
SHA256
071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37
SHA512
fd6982587fba779d6febb84dfa65ec3e048e17733c2f01b61996bedb170bb4bb1cbb822c0dd2cf44a7e601373abaf499885b13b7957dd2a307bbd8f2120e9b3b
SSDEEP
12288:4iFfKsLIh/4hBNR3lfo4T4A1i5g70dbRFpJtRSfF:40iP/E/pigb1i5Q0dbLLWf
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2252 | 1704 | WerFault.exe | RedLineStealer.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
RedLineStealer.exe
description | pid | process | target process
PID 1704 wrote to memory of 2252 | 1704 | RedLineStealer.exe | WerFault.exe
PID 1704 wrote to memory of 2252 | 1704 | RedLineStealer.exe | WerFault.exe
PID 1704 wrote to memory of 2252 | 1704 | RedLineStealer.exe | WerFault.exe
PID 1704 wrote to memory of 2252 | 1704 | RedLineStealer.exe | WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1704-0-0x0000000000020000-0x0000000000021000-memory.dmp
Filesize
4KB