Overview

overview

10

Static

static

8

383b866c7b...d3.exe

windows7_x64

10

383b866c7b...d3.exe

windows10_x64

10

Analysis

  • max time kernel
    14s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-01-2021 18:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    383b866c7b2a1039fbf537381399fed3.exe

  • Size

    349KB

  • MD5

    383b866c7b2a1039fbf537381399fed3

  • SHA1

    67233ab2394ad1e75362cbc3278081ea5105d821

  • SHA256

    0a5faef2bdcce3d5b58e9062bf8f936596a96eaf0b270ed86cac3033cd922537

  • SHA512

    3c4530ea744f10687ea59a0e6ccf5a3e4101b2e9b2086f08068be8c71c789e94b54c52fbcbc1754f8edb44c7b7d246bc110d8fa5a793c71e335cfd19e6cb6d5b

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\383b866c7b2a1039fbf537381399fed3.exe
    "C:\Users\Admin\AppData\Local\Temp\383b866c7b2a1039fbf537381399fed3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3992

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3992-2-0x0000000004E53000-0x0000000004E54000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-3-0x0000000005550000-0x0000000005551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-4-0x0000000006E70000-0x0000000006E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-5-0x00000000737B0000-0x0000000073E9E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3992-6-0x0000000005470000-0x000000000549B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3992-7-0x0000000009830000-0x0000000009831000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-8-0x0000000006DF0000-0x0000000006E19000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3992-9-0x0000000009D30000-0x0000000009D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-10-0x0000000006FC0000-0x0000000006FC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-11-0x0000000006FE0000-0x0000000006FE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-12-0x0000000007160000-0x0000000007161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-13-0x000000000A340000-0x000000000A341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-14-0x000000000AF40000-0x000000000AF41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-15-0x000000000B110000-0x000000000B111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-16-0x000000000B730000-0x000000000B731000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-17-0x000000000B7F0000-0x000000000B7F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-18-0x000000000B880000-0x000000000B881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-19-0x000000000BB40000-0x000000000BB41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-20-0x000000000C990000-0x000000000C991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3992-21-0x000000000CD30000-0x000000000CD31000-memory.dmp

    Filesize

    4KB

    Download