Analysis
-
max time kernel
19s -
max time network
106s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
05-03-2021 14:02
General
-
Target
1d4f86998febcd63769ffabf86ad4177.exe
-
Size
395KB
-
MD5
1d4f86998febcd63769ffabf86ad4177
-
SHA1
827697cbe8330e344117703942328d5ce2027f95
-
SHA256
e273f65f5eff32aa37c8e88a9cc825b4826eabc8b8e708d850a0b4a3bdd60b8a
-
SHA512
a1c7184794b40bb60e70ced361222e65a684368e1b4f7092d0161386a9010c9e8cc8261708bfe445a71251e35298811f8a380a152d9f0092512e4f4205f794c5
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d4f86998febcd63769ffabf86ad4177.exe"C:\Users\Admin\AppData\Local\Temp\1d4f86998febcd63769ffabf86ad4177.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1176-2-0x0000000000BD0000-0x0000000000BD1000-memory.dmpFilesize
4KB
-
memory/1176-3-0x0000000002880000-0x0000000002881000-memory.dmpFilesize
4KB
-
memory/1176-4-0x0000000073950000-0x000000007403E000-memory.dmpFilesize
6.9MB
-
memory/1176-5-0x0000000000860000-0x0000000000895000-memory.dmpFilesize
212KB
-
memory/1176-6-0x0000000000400000-0x0000000000438000-memory.dmpFilesize
224KB
-
memory/1176-7-0x0000000002680000-0x00000000026AA000-memory.dmpFilesize
168KB
-
memory/1176-8-0x00000000050A0000-0x00000000050A1000-memory.dmpFilesize
4KB
-
memory/1176-9-0x0000000002840000-0x0000000002868000-memory.dmpFilesize
160KB
-
memory/1176-10-0x0000000002880000-0x0000000002881000-memory.dmpFilesize
4KB
-
memory/1176-11-0x0000000005090000-0x0000000005091000-memory.dmpFilesize
4KB
-
memory/1176-13-0x0000000005093000-0x0000000005094000-memory.dmpFilesize
4KB
-
memory/1176-12-0x0000000005092000-0x0000000005093000-memory.dmpFilesize
4KB
-
memory/1176-14-0x0000000005094000-0x0000000005096000-memory.dmpFilesize
8KB
-
memory/1176-15-0x0000000005070000-0x0000000005071000-memory.dmpFilesize
4KB
-
memory/1176-16-0x0000000005AE0000-0x0000000005AE1000-memory.dmpFilesize
4KB
-
memory/1176-17-0x0000000006170000-0x0000000006171000-memory.dmpFilesize
4KB
-
memory/1176-18-0x0000000006190000-0x0000000006191000-memory.dmpFilesize
4KB
-
memory/1176-19-0x0000000006300000-0x0000000006301000-memory.dmpFilesize
4KB
-
memory/1176-20-0x0000000006480000-0x0000000006481000-memory.dmpFilesize
4KB
-
memory/1176-21-0x0000000006C90000-0x0000000006C91000-memory.dmpFilesize
4KB
-
memory/1176-22-0x0000000006E70000-0x0000000006E71000-memory.dmpFilesize
4KB
-
memory/1176-23-0x00000000074B0000-0x00000000074B1000-memory.dmpFilesize
4KB
-
memory/1176-24-0x0000000007560000-0x0000000007561000-memory.dmpFilesize
4KB
-
memory/1176-25-0x0000000008960000-0x0000000008961000-memory.dmpFilesize
4KB
-
memory/1176-26-0x00000000089C0000-0x00000000089C1000-memory.dmpFilesize
4KB