Overview

overview

10

Static

static

30073d7cc8...44.exe

windows7_x64

10

30073d7cc8...44.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    18-02-2021 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30073d7cc81768ddd8e3bb1b08b9f144.exe

  • Size

    428KB

  • MD5

    30073d7cc81768ddd8e3bb1b08b9f144

  • SHA1

    439eb4d721bd814b04598890736685506a5bfcf1

  • SHA256

    ddd810853f9fa4626060db340eaf5c38b614b81be0dc05f92c0f5356431bc9c5

  • SHA512

    b90a32f870794b5e0f979774c16ee333ab032d24508a38949ddae095f87b7eb2754e3f84b8f1c234cbb219ea436ffea3e2da3d0379b9c9b7434df5b64039252a

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30073d7cc81768ddd8e3bb1b08b9f144.exe
    "C:\Users\Admin\AppData\Local\Temp\30073d7cc81768ddd8e3bb1b08b9f144.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/308-2-0x0000000002D90000-0x0000000002DA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/308-3-0x0000000004590000-0x00000000045A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/308-5-0x00000000002E0000-0x0000000000316000-memory.dmp

    Filesize

    216KB

    Download

  • memory/308-6-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/308-4-0x0000000074040000-0x000000007472E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/308-7-0x00000000047F0000-0x000000000481C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/308-9-0x00000000070C2000-0x00000000070C3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/308-8-0x00000000070C1000-0x00000000070C2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/308-10-0x00000000070C3000-0x00000000070C4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/308-11-0x0000000004820000-0x000000000484A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/308-12-0x00000000070C4000-0x00000000070C6000-memory.dmp

    Filesize

    8KB

    Download