Overview

overview

10

Static

static

2af4d56109...95.exe

windows7_x64

10

2af4d56109...95.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-02-2021 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2af4d5610934c0f627fcf69e79b61195.exe

  • Size

    245KB

  • MD5

    2af4d5610934c0f627fcf69e79b61195

  • SHA1

    90656cc326f3105afea7d8e0a91b2e3e7e701c9e

  • SHA256

    687459064daabf67f8b61dc974e0b531f07aeda1f2084ae5ae6f2e1ab85a453c

  • SHA512

    8bf0d0a3e80753c03f346d79c7b630e1d54bc12a45762bfe255aebea300276d5f4ca1ad3cf3302b54ea91919dcf35e9ace0c9f0a9973795bb5a2d8ba3e12d209

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2af4d5610934c0f627fcf69e79b61195.exe
    "C:\Users\Admin\AppData\Local\Temp\2af4d5610934c0f627fcf69e79b61195.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1048

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1048-2-0x0000000000B00000-0x0000000000B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-3-0x00000000023B0000-0x00000000023B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-5-0x0000000000970000-0x00000000009A7000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1048-6-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1048-4-0x0000000073280000-0x000000007396E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1048-7-0x00000000026A0000-0x00000000026CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1048-9-0x0000000004C72000-0x0000000004C73000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-8-0x0000000004C70000-0x0000000004C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-10-0x0000000004C73000-0x0000000004C74000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-11-0x0000000004C80000-0x0000000004C81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-12-0x0000000004B80000-0x0000000004BAC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1048-13-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-14-0x0000000005180000-0x0000000005181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-15-0x0000000005200000-0x0000000005201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-16-0x0000000004C74000-0x0000000004C76000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1048-17-0x00000000058A0000-0x00000000058A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-18-0x0000000005900000-0x0000000005901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-19-0x0000000005A40000-0x0000000005A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-20-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-21-0x0000000006780000-0x0000000006781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-22-0x0000000006960000-0x0000000006961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-23-0x0000000006FA0000-0x0000000006FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-24-0x0000000007050000-0x0000000007051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-25-0x0000000008200000-0x0000000008201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1048-26-0x00000000084B0000-0x00000000084B1000-memory.dmp

    Filesize

    4KB

    Download