Overview

overview

10

Static

static

A75F.exe

windows7_x64

10

A75F.exe

windows10_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-02-2021 13:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A75F.exe

  • Size

    235KB

  • MD5

    f350e12541835a5eee54cf0d5a5aa5f4

  • SHA1

    68a33f9ceb9fce762638aea0349f5a8410968262

  • SHA256

    4d788f0e1a3be7d6e706fcba03282ae62a0ab8df95014feb9f026bce5ddff089

  • SHA512

    aa14ca6d6fac284330ede40c5998b33303da1556d83329e798a3e1ee7531920131816014b0550b98986aeef6f5ecfddb87092f9408dea28d314e7416711a7878

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\A75F.exe
    "C:\Users\Admin\AppData\Local\Temp\A75F.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1152-2-0x0000000000A50000-0x0000000000A61000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1152-3-0x0000000001FB0000-0x0000000001FC1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1152-4-0x0000000000270000-0x00000000002A7000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1152-5-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize

    232KB

    Download
  • memory/1152-6-0x0000000074260000-0x000000007494E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1152-7-0x0000000002050000-0x000000000207E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1152-8-0x0000000002100000-0x000000000212C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1152-11-0x00000000049E3000-0x00000000049E4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1152-12-0x00000000049E4000-0x00000000049E6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1152-10-0x00000000049E2000-0x00000000049E3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1152-9-0x00000000049E1000-0x00000000049E2000-memory.dmp
    Filesize

    4KB

    Download