Overview

overview

10

Static

static

8

5546a7cd2b...60.exe

windows7_x64

10

5546a7cd2b...60.exe

windows10_x64

10

Analysis

  • max time kernel
    103s
  • max time network
    111s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    16-01-2021 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5546a7cd2bdabe0daca28514f4c97c60.exe

  • Size

    344KB

  • MD5

    5546a7cd2bdabe0daca28514f4c97c60

  • SHA1

    a372f6566e96220991cd0aa33263c0ff4bba0654

  • SHA256

    0bcdbd7631575e1764678e07bc71bd824c92c04a783c533891ebf5492f6ce409

  • SHA512

    dfc62d6dac2a963d3862b390ca40c50088adffe36122e10a6c481670849bf3c0d6ac84658c39c600eda8c976a63677571f3fd255fc003b711391e8d228875df6

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5546a7cd2bdabe0daca28514f4c97c60.exe
    "C:\Users\Admin\AppData\Local\Temp\5546a7cd2bdabe0daca28514f4c97c60.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3576

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3576-2-0x0000000004829000-0x000000000482A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-3-0x00000000064A0000-0x00000000064A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-4-0x00000000064A0000-0x00000000064A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-5-0x0000000006700000-0x0000000006701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-6-0x0000000073DC0000-0x00000000744AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3576-7-0x00000000066C0000-0x00000000066E9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3576-8-0x0000000008C70000-0x0000000008C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-9-0x00000000091B0000-0x00000000091D7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3576-10-0x00000000091E0000-0x00000000091E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-11-0x0000000009890000-0x0000000009891000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-12-0x00000000098B0000-0x00000000098B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-13-0x0000000009920000-0x0000000009921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-14-0x0000000009AA0000-0x0000000009AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-15-0x000000000A780000-0x000000000A781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-16-0x000000000A950000-0x000000000A951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-17-0x000000000AF80000-0x000000000AF81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-18-0x000000000B040000-0x000000000B041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-19-0x000000000B0D0000-0x000000000B0D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-20-0x000000000B5A0000-0x000000000B5A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-21-0x000000000BE10000-0x000000000BE11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-22-0x000000000C270000-0x000000000C271000-memory.dmp

    Filesize

    4KB

    Download