Overview

overview

10

Static

static

8079d6d311...55.exe

windows7_x64

10

8079d6d311...55.exe

windows10_x64

10

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    12-02-2021 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8079d6d3116fb3168a1a52735da44b55.exe

  • Size

    341KB

  • MD5

    8079d6d3116fb3168a1a52735da44b55

  • SHA1

    43170663978d1dae037abdb42145e9f2e2ed34a7

  • SHA256

    2852a664525d2400ec504f287eee68bc78f1079bcf5d8f3250e3a0a90cc62d1b

  • SHA512

    d4a10ea09fd673f4646b3d5e4647cea07ef4bc970dfb7e231eff79be8110e6797a653288b0d94a1b75220b14e37aebad515066c564f7025ab2095af2e54fd406

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8079d6d3116fb3168a1a52735da44b55.exe
    "C:\Users\Admin\AppData\Local\Temp\8079d6d3116fb3168a1a52735da44b55.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/776-2-0x0000000001DF0000-0x0000000001E01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/776-3-0x0000000001F30000-0x0000000001F41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/776-4-0x0000000073F20000-0x000000007460E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/776-5-0x0000000000540000-0x000000000056E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/776-7-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/776-8-0x0000000004A51000-0x0000000004A52000-memory.dmp

    Filesize

    4KB

    Download

  • memory/776-6-0x0000000000230000-0x0000000000267000-memory.dmp

    Filesize

    220KB

    Download

  • memory/776-9-0x0000000004A52000-0x0000000004A53000-memory.dmp

    Filesize

    4KB

    Download

  • memory/776-10-0x0000000000570000-0x000000000059C000-memory.dmp

    Filesize

    176KB

    Download