Overview

overview

10

Static

static

8

ce31f1e5ea...ba.exe

windows7_x64

10

ce31f1e5ea...ba.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    25s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    15-01-2021 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce31f1e5ea5951c790151fec2606daba.exe

  • Size

    322KB

  • MD5

    ce31f1e5ea5951c790151fec2606daba

  • SHA1

    f6ff74832c892f668ae887e23ecc4b18abfc514a

  • SHA256

    898c957d6bc0417994827db79ca2c264ee100f0ccf54cafdbf18b4e9c9559c0b

  • SHA512

    0b7c8659bfd00130b90d94a0fa22795244f791ed92c6e54298526638e0e8d6c9e237238e301de31bfb936589deb62a70e19dcfc59c7f21e857086c64e1e8d287

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce31f1e5ea5951c790151fec2606daba.exe
    "C:\Users\Admin\AppData\Local\Temp\ce31f1e5ea5951c790151fec2606daba.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1048

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1048-2-0x00000000049D0000-0x00000000049E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1048-3-0x0000000006290000-0x00000000062A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1048-4-0x0000000073C60000-0x000000007434E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1048-5-0x0000000006210000-0x0000000006239000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1048-6-0x00000000064D0000-0x00000000064F7000-memory.dmp

    Filesize

    156KB

    Download