Overview

overview

10

Static

static

8

ce31f1e5ea...ba.exe

windows7_x64

10

ce31f1e5ea...ba.exe

windows10_x64

10

Analysis

  • max time kernel
    17s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    15-01-2021 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce31f1e5ea5951c790151fec2606daba.exe

  • Size

    322KB

  • MD5

    ce31f1e5ea5951c790151fec2606daba

  • SHA1

    f6ff74832c892f668ae887e23ecc4b18abfc514a

  • SHA256

    898c957d6bc0417994827db79ca2c264ee100f0ccf54cafdbf18b4e9c9559c0b

  • SHA512

    0b7c8659bfd00130b90d94a0fa22795244f791ed92c6e54298526638e0e8d6c9e237238e301de31bfb936589deb62a70e19dcfc59c7f21e857086c64e1e8d287

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce31f1e5ea5951c790151fec2606daba.exe
    "C:\Users\Admin\AppData\Local\Temp\ce31f1e5ea5951c790151fec2606daba.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1036-2-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-3-0x0000000006770000-0x0000000006771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-4-0x0000000073DB0000-0x000000007449E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1036-5-0x0000000006540000-0x0000000006569000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1036-6-0x0000000008E30000-0x0000000008E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-7-0x0000000006A00000-0x0000000006A27000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1036-8-0x0000000009330000-0x0000000009331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-9-0x0000000009940000-0x0000000009941000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-10-0x0000000009960000-0x0000000009961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-11-0x00000000099D0000-0x00000000099D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-12-0x0000000009B50000-0x0000000009B51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-13-0x000000000A870000-0x000000000A871000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-14-0x000000000AA40000-0x000000000AA41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-15-0x000000000B170000-0x000000000B171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-16-0x000000000B230000-0x000000000B231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-17-0x000000000B2C0000-0x000000000B2C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-18-0x000000000C350000-0x000000000C351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-19-0x000000000C560000-0x000000000C561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1036-20-0x000000000C5B0000-0x000000000C5B1000-memory.dmp

    Filesize

    4KB

    Download