Overview

overview

10

Static

static

12fe6186dd...9c.exe

windows7_x64

10

12fe6186dd...9c.exe

windows10_x64

10

Analysis

  • max time kernel
    87s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    23-03-2021 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12fe6186dd281349e28df9d1004eb09c.exe

  • Size

    135KB

  • MD5

    12fe6186dd281349e28df9d1004eb09c

  • SHA1

    2b19b9a7035bce9e84148572ff203a9eac5643ca

  • SHA256

    63cfc80c74fed86dc87089e54f58fa3945845d144c91716aef079986c52ec019

  • SHA512

    23edad4ff22ef7de1d8e6a8735a733d7d7382aeae685f82bf93485046c37f9ee9a00b26ba11516051983330f8c7e7c8592dff827024e1917800c872ae7d2ec71

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12fe6186dd281349e28df9d1004eb09c.exe
    "C:\Users\Admin\AppData\Local\Temp\12fe6186dd281349e28df9d1004eb09c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:540

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/540-2-0x0000000073520000-0x0000000073C0E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/540-3-0x00000000006D0000-0x00000000006D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-5-0x0000000004FE0000-0x0000000004FE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-6-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-7-0x00000000055E0000-0x00000000055E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-8-0x0000000005D70000-0x0000000005D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-9-0x0000000005800000-0x0000000005801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-10-0x0000000005860000-0x0000000005861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-11-0x00000000058A0000-0x00000000058A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-12-0x0000000005B00000-0x0000000005B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-13-0x0000000006B10000-0x0000000006B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-14-0x0000000007210000-0x0000000007211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-15-0x0000000006CE0000-0x0000000006CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-16-0x0000000007C40000-0x0000000007C41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-17-0x0000000006D80000-0x0000000006D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-18-0x0000000002AC1000-0x0000000002AC2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-19-0x0000000008960000-0x0000000008961000-memory.dmp

    Filesize

    4KB

    Download