Overview

overview

10

Static

static

9cbbddd7d3...90.exe

windows7_x64

10

9cbbddd7d3...90.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    111s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    12-02-2021 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cbbddd7d3833db0cff9069135579290.exe

  • Size

    341KB

  • MD5

    9cbbddd7d3833db0cff9069135579290

  • SHA1

    4a0bf6a8374902516d812d52e88ad4114cead3ba

  • SHA256

    a0e6efd5e5cbefe2a59d0f5d0aa4486a7857c4f7658cd36489c4f41fd3fd0382

  • SHA512

    2a764ce8f9523888859ffdc4411f17a28bf296421acd001b0bbc8d61e2534d61bdb084f3cd8d930e65ccc67e36db96511e5988f84305b9b088ce02fa8938d33f

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cbbddd7d3833db0cff9069135579290.exe
    "C:\Users\Admin\AppData\Local\Temp\9cbbddd7d3833db0cff9069135579290.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:880

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/880-2-0x00000000023D0000-0x00000000023D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-3-0x00000000021F0000-0x0000000002227000-memory.dmp

    Filesize

    220KB

    Download

  • memory/880-4-0x00000000024E0000-0x00000000024E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-5-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/880-6-0x0000000073280000-0x000000007396E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/880-7-0x0000000002330000-0x0000000002331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-8-0x0000000002370000-0x000000000239E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/880-9-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-10-0x0000000002610000-0x000000000263C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/880-11-0x0000000002332000-0x0000000002333000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-12-0x0000000002333000-0x0000000002334000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-13-0x00000000050B0000-0x00000000050B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-14-0x0000000005130000-0x0000000005131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-15-0x0000000002334000-0x0000000002336000-memory.dmp

    Filesize

    8KB

    Download

  • memory/880-16-0x00000000051A0000-0x00000000051A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-17-0x0000000005840000-0x0000000005841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-18-0x00000000058A0000-0x00000000058A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-19-0x00000000059E0000-0x00000000059E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-20-0x0000000005B50000-0x0000000005B51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-21-0x0000000006720000-0x0000000006721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-22-0x0000000006900000-0x0000000006901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-23-0x0000000006F40000-0x0000000006F41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-24-0x0000000006FF0000-0x0000000006FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-25-0x00000000077F0000-0x00000000077F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/880-26-0x0000000007870000-0x0000000007871000-memory.dmp

    Filesize

    4KB

    Download