Overview

overview

10

Static

static

8

482caddfdd...e5.exe

windows7_x64

10

482caddfdd...e5.exe

windows10_x64

10

Analysis

  • max time kernel
    17s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    16-01-2021 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    482caddfddfe63e8a5803a99b8da7be5.exe

  • Size

    287KB

  • MD5

    482caddfddfe63e8a5803a99b8da7be5

  • SHA1

    6c1f308011f4c939c9b86a7bc84d9e2a28ee3c5e

  • SHA256

    cfbb03f5736821b65dd01bdb4187911a278faa8c07fd29e402a24ea58c414259

  • SHA512

    316cf106097a7b3f4c907e4f3fb1338b76a325afa2c9d74bbe5c4aa21fd6eae114e5a1b13c4f85c9363950b560a7df71b132fdd1c9f642a7a959ed63d7d2f688

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\482caddfddfe63e8a5803a99b8da7be5.exe
    "C:\Users\Admin\AppData\Local\Temp\482caddfddfe63e8a5803a99b8da7be5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/648-2-0x0000000004DC0000-0x0000000004DD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/648-3-0x00000000066D0000-0x00000000066E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/648-4-0x0000000074670000-0x0000000074D5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/648-5-0x0000000006A20000-0x0000000006A49000-memory.dmp

    Filesize

    164KB

    Download

  • memory/648-6-0x0000000006A50000-0x0000000006A77000-memory.dmp

    Filesize

    156KB

    Download