Overview

overview

10

Static

static

5255cbe95f...0b.exe

windows7_x64

10

5255cbe95f...0b.exe

windows10_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    03-12-2020 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5255cbe95f3798371938f310bdee3b0b.exe

  • Size

    405KB

  • MD5

    5255cbe95f3798371938f310bdee3b0b

  • SHA1

    4fffef86242a1eaba0732f61ec6e4ccd022518d3

  • SHA256

    5e05d90bcdb3ed152fbc447a2f30538affdb2e3c3f60fe4a548837123a423f45

  • SHA512

    748b59e3c5c1e3265c96f659ab889814a6f8e945f970f7b91be9b7a2c917967cbdc5445880a906bfc98e2996b0121b9b1b837ff825aaf68a896292482f2bd702

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5255cbe95f3798371938f310bdee3b0b.exe
    "C:\Users\Admin\AppData\Local\Temp\5255cbe95f3798371938f310bdee3b0b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4052-2-0x0000000002A90000-0x0000000002A91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-3-0x0000000002B40000-0x0000000002B41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-4-0x00000000736F0000-0x0000000073DDE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4052-5-0x0000000002B00000-0x0000000002B25000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4052-6-0x0000000005430000-0x0000000005431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-7-0x00000000052C0000-0x00000000052E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4052-8-0x0000000005930000-0x0000000005931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-9-0x0000000005370000-0x0000000005371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-10-0x00000000053B0000-0x00000000053B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-11-0x0000000005F40000-0x0000000005F41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-12-0x00000000060A0000-0x00000000060A1000-memory.dmp

    Filesize

    4KB

    Download