Overview

overview

10

Static

static

8

cbdff30c20...cb.exe

windows7_x64

10

cbdff30c20...cb.exe

windows10_x64

10

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    27-12-2020 07:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbdff30c20cf539b3d2a4c00b3d1c9cb.exe

  • Size

    285KB

  • MD5

    cbdff30c20cf539b3d2a4c00b3d1c9cb

  • SHA1

    2f8f5a2d6aa8a0dafbcea3122671c787631d09b0

  • SHA256

    bb767330c0fc670d97feb2b68280b7837d7c732dbbb47d20684be2edba6ad24d

  • SHA512

    46c170acfd5ffe4ff1eb6d9fe41d9cfa70099250be35775b7e2c6a2f9ef161a647e5ffd06226786c07eb98c6853a4734801cf34a43d0fdcafba06df072c787de

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbdff30c20cf539b3d2a4c00b3d1c9cb.exe
    "C:\Users\Admin\AppData\Local\Temp\cbdff30c20cf539b3d2a4c00b3d1c9cb.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1676-2-0x00000000002C9000-0x00000000002DA000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1676-3-0x0000000005390000-0x00000000053A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1676-4-0x0000000006EB0000-0x0000000006EC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1676-5-0x00000000741A0000-0x000000007488E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1676-6-0x0000000006DD0000-0x0000000006DF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1676-12-0x0000000006FB0000-0x0000000006FD2000-memory.dmp

    Filesize

    136KB

    Download