Analysis
-
max time kernel
18s -
max time network
70s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
12-02-2021 19:30
General
-
Target
8079d6d3116fb3168a1a52735da44b55.exe
-
Size
341KB
-
MD5
8079d6d3116fb3168a1a52735da44b55
-
SHA1
43170663978d1dae037abdb42145e9f2e2ed34a7
-
SHA256
2852a664525d2400ec504f287eee68bc78f1079bcf5d8f3250e3a0a90cc62d1b
-
SHA512
d4a10ea09fd673f4646b3d5e4647cea07ef4bc970dfb7e231eff79be8110e6797a653288b0d94a1b75220b14e37aebad515066c564f7025ab2095af2e54fd406
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8079d6d3116fb3168a1a52735da44b55.exe"C:\Users\Admin\AppData\Local\Temp\8079d6d3116fb3168a1a52735da44b55.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/896-2-0x0000000002270000-0x0000000002271000-memory.dmpFilesize
4KB
-
memory/896-3-0x0000000002270000-0x0000000002271000-memory.dmpFilesize
4KB
-
memory/896-4-0x0000000002440000-0x0000000002441000-memory.dmpFilesize
4KB
-
memory/896-5-0x0000000073800000-0x0000000073EEE000-memory.dmpFilesize
6.9MB
-
memory/896-6-0x0000000000640000-0x0000000000677000-memory.dmpFilesize
220KB
-
memory/896-7-0x0000000000400000-0x000000000043A000-memory.dmpFilesize
232KB
-
memory/896-9-0x0000000004D32000-0x0000000004D33000-memory.dmpFilesize
4KB
-
memory/896-11-0x0000000004D33000-0x0000000004D34000-memory.dmpFilesize
4KB
-
memory/896-10-0x0000000004D40000-0x0000000004D41000-memory.dmpFilesize
4KB
-
memory/896-8-0x0000000002780000-0x00000000027AE000-memory.dmpFilesize
184KB
-
memory/896-12-0x0000000004D30000-0x0000000004D31000-memory.dmpFilesize
4KB
-
memory/896-13-0x00000000027F0000-0x000000000281C000-memory.dmpFilesize
176KB
-
memory/896-14-0x0000000004B70000-0x0000000004B71000-memory.dmpFilesize
4KB
-
memory/896-15-0x0000000004C10000-0x0000000004C11000-memory.dmpFilesize
4KB
-
memory/896-16-0x0000000005240000-0x0000000005241000-memory.dmpFilesize
4KB
-
memory/896-17-0x0000000005850000-0x0000000005851000-memory.dmpFilesize
4KB
-
memory/896-18-0x0000000004D34000-0x0000000004D36000-memory.dmpFilesize
8KB
-
memory/896-19-0x0000000005870000-0x0000000005871000-memory.dmpFilesize
4KB
-
memory/896-20-0x00000000059D0000-0x00000000059D1000-memory.dmpFilesize
4KB
-
memory/896-21-0x0000000005B50000-0x0000000005B51000-memory.dmpFilesize
4KB
-
memory/896-22-0x0000000006720000-0x0000000006721000-memory.dmpFilesize
4KB
-
memory/896-23-0x0000000006900000-0x0000000006901000-memory.dmpFilesize
4KB
-
memory/896-24-0x0000000006F40000-0x0000000006F41000-memory.dmpFilesize
4KB
-
memory/896-25-0x0000000006FF0000-0x0000000006FF1000-memory.dmpFilesize
4KB
-
memory/896-26-0x0000000007810000-0x0000000007811000-memory.dmpFilesize
4KB
-
memory/896-27-0x0000000007870000-0x0000000007871000-memory.dmpFilesize
4KB