Overview

overview

10

Static

static

1019a49684...0b.exe

windows7_x64

10

1019a49684...0b.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    12-02-2021 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1019a49684d1fe54d86907d16d1bd90b.exe

  • Size

    387KB

  • MD5

    1019a49684d1fe54d86907d16d1bd90b

  • SHA1

    9a5089606f1c0eb094635de11f9567228d78e21f

  • SHA256

    c434d4da9f9111e836666c93d246f062baa801b1fd098ab670c537353483bad0

  • SHA512

    5832b8e7cdc4d677ceba57e771ed117ab191b3c7f6967cf90c5ab3a06cb1b7d647630c49df6bf43a25e06ea6b09329b46fbdd4b7fcca6507b72e7b0d35d3b990

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1019a49684d1fe54d86907d16d1bd90b.exe
    "C:\Users\Admin\AppData\Local\Temp\1019a49684d1fe54d86907d16d1bd90b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:324

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/324-2-0x0000000001FD0000-0x0000000001FE1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/324-3-0x00000000021D0000-0x00000000021E1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/324-4-0x0000000074CA0000-0x000000007538E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/324-5-0x0000000000230000-0x0000000000267000-memory.dmp
    Filesize

    220KB

    Download
  • memory/324-6-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/324-7-0x0000000001E90000-0x0000000001EBE000-memory.dmp
    Filesize

    184KB

    Download
  • memory/324-14-0x0000000004832000-0x0000000004833000-memory.dmp
    Filesize

    4KB

    Download
  • memory/324-13-0x0000000004831000-0x0000000004832000-memory.dmp
    Filesize

    4KB

    Download
  • memory/324-15-0x0000000004833000-0x0000000004834000-memory.dmp
    Filesize

    4KB

    Download
  • memory/324-16-0x0000000001FD0000-0x0000000001FFC000-memory.dmp
    Filesize

    176KB

    Download
  • memory/324-17-0x0000000004834000-0x0000000004836000-memory.dmp
    Filesize

    8KB

    Download