Overview

overview

10

Static

static

1019a49684...0b.exe

windows7_x64

10

1019a49684...0b.exe

windows10_x64

10

Analysis

  • max time kernel
    64s
  • max time network
    139s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    12-02-2021 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1019a49684d1fe54d86907d16d1bd90b.exe

  • Size

    387KB

  • MD5

    1019a49684d1fe54d86907d16d1bd90b

  • SHA1

    9a5089606f1c0eb094635de11f9567228d78e21f

  • SHA256

    c434d4da9f9111e836666c93d246f062baa801b1fd098ab670c537353483bad0

  • SHA512

    5832b8e7cdc4d677ceba57e771ed117ab191b3c7f6967cf90c5ab3a06cb1b7d647630c49df6bf43a25e06ea6b09329b46fbdd4b7fcca6507b72e7b0d35d3b990

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1019a49684d1fe54d86907d16d1bd90b.exe
    "C:\Users\Admin\AppData\Local\Temp\1019a49684d1fe54d86907d16d1bd90b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1092

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1092-2-0x0000000002260000-0x0000000002261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-3-0x0000000002510000-0x0000000002511000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-4-0x0000000073D00000-0x00000000743EE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1092-5-0x00000000020F0000-0x0000000002127000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1092-6-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/1092-7-0x0000000002220000-0x000000000224E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1092-8-0x0000000004C10000-0x0000000004C11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-9-0x0000000004A20000-0x0000000004A4C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1092-10-0x0000000004A50000-0x0000000004A51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-11-0x0000000004AE0000-0x0000000004AE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-12-0x0000000005110000-0x0000000005111000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-14-0x0000000004C02000-0x0000000004C03000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-13-0x0000000004C00000-0x0000000004C01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-15-0x0000000004C03000-0x0000000004C04000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-16-0x0000000004C04000-0x0000000004C06000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1092-17-0x0000000005720000-0x0000000005721000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-18-0x0000000005740000-0x0000000005741000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-19-0x00000000058A0000-0x00000000058A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-20-0x0000000005A20000-0x0000000005A21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-21-0x00000000065F0000-0x00000000065F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-22-0x00000000067D0000-0x00000000067D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-23-0x0000000006E10000-0x0000000006E11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-24-0x0000000006EC0000-0x0000000006EC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-25-0x00000000073B0000-0x00000000073B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1092-26-0x0000000007740000-0x0000000007741000-memory.dmp
    Filesize

    4KB

    Download