Analysis

  • max time kernel: 146s
  • max time network: 152s
  • platform: windows7_x64
  • resource: win7v20201028
  • submitted: 01-12-2020 01:45

General

  • Target: SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe
  • Size: 448KB
  • MD5: 843a44fc8293f876b0568ac437ebcd8a
  • SHA1: 4f0887e551b79ef9ef0598c767a8db8fa0689fab
  • SHA256: 33f6371aa2a9ab319f7292e4e589aff44894f639767cc174e487dc1672ee03d2
  • SHA512: 34450527dc17fc2cd13da1a471fd312f7a0560d94b33694aeb8867230f7f1c2e0086a45f16ab35057773eab1c71b5b6237df4126b93bf3124f5f805a661b47a8

Score: 10/10

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe"
      2⤵
      PID:1272
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe"
      2⤵
      PID:912
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe"
      2⤵
      PID:1408
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.59811.8602.13414.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:628

Network

MITRE ATT&CK Matrix

Downloads

  • memory/628-9-0x00000000004212B2-mapping.dmp
  • memory/628-8-0x0000000000400000-0x0000000000428000-memory.dmp (Filesize: 160KB)
  • memory/628-11-0x0000000000400000-0x0000000000428000-memory.dmp (Filesize: 160KB)
  • memory/628-10-0x0000000000400000-0x0000000000428000-memory.dmp (Filesize: 160KB)
  • memory/628-12-0x00000000746D0000-0x0000000074DBE000-memory.dmp (Filesize: 6.9MB)
  • memory/800-2-0x00000000746D0000-0x0000000074DBE000-memory.dmp (Filesize: 6.9MB)
  • memory/800-3-0x00000000001C0000-0x00000000001C1000-memory.dmp (Filesize: 4KB)
  • memory/800-5-0x0000000000520000-0x000000000054C000-memory.dmp (Filesize: 176KB)
  • memory/800-6-0x00000000005D0000-0x0000000000616000-memory.dmp (Filesize: 280KB)
  • memory/800-7-0x0000000000680000-0x0000000000696000-memory.dmp (Filesize: 88KB)