Overview

overview

10

Static

static

SecuriteIn...29.exe

windows7_x64

10

SecuriteIn...29.exe

windows10_x64

10

Analysis

  • max time kernel
    60s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    07-03-2021 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.36459959.22130.25929.exe

  • Size

    368KB

  • MD5

    4bf1d28524782e3de6d241c2bb625b5e

  • SHA1

    6f4719a1b5b00b6047108fb7e98dbaf516dad610

  • SHA256

    badb1739d819774ec20371577cb5435f40fd9943258fb3fbff14f078884c58e4

  • SHA512

    3f4632b10650603567742b2574c066b304149900fcf6e47faeed44fa0775aef9b83c0a940bf9dc1ee0813e642a65bb90df85f6dc95da9da6c1f1d7b834cf111c

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.36459959.22130.25929.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.36459959.22130.25929.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.36459959.22130.25929.exe
      "{path}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.36459959.22130.25929.exe.log
    MD5

    0c2899d7c6746f42d5bbe088c777f94c

    SHA1

    622f66c5f7a3c91b28a9f43ce7c6cabadbf514f1

    SHA256

    5b0b99740cadaeff7b9891136644b396941547e20cc7eea646560d0dad5a5458

    SHA512

    ab7a3409ed4b6ca00358330a3aa4ef6de7d81eb21a5e24bb629ef6a7c7c4e2a70ca3accfbc989ed6e495fdb8eb6203a26d6f2a37b2a5809af4276af375b49078

    Download Submit
  • memory/640-3-0x0000000000970000-0x0000000000971000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-5-0x0000000005890000-0x0000000005891000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-6-0x0000000005260000-0x0000000005261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-7-0x0000000005520000-0x0000000005521000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-8-0x0000000005210000-0x0000000005211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-9-0x0000000008900000-0x0000000008901000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-10-0x0000000005870000-0x000000000587B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/640-11-0x00000000089A0000-0x00000000089E6000-memory.dmp
    Filesize

    280KB

    Download
  • memory/640-2-0x0000000073190000-0x000000007387E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2944-15-0x0000000073190000-0x000000007387E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2944-22-0x0000000005C70000-0x0000000005C71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-12-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/2944-18-0x0000000002F80000-0x0000000002F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-19-0x0000000002E40000-0x0000000002E41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-20-0x0000000005A50000-0x0000000005A51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-21-0x00000000061E0000-0x00000000061E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-13-0x000000000041E1AE-mapping.dmp
    Download
  • memory/2944-23-0x0000000005CD0000-0x0000000005CD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-24-0x0000000005D10000-0x0000000005D11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-25-0x0000000005F70000-0x0000000005F71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-26-0x0000000006F80000-0x0000000006F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-27-0x0000000007680000-0x0000000007681000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-30-0x00000000071F0000-0x00000000071F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-31-0x0000000002E41000-0x0000000002E42000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2944-32-0x0000000008CD0000-0x0000000008CD1000-memory.dmp
    Filesize

    4KB

    Download