Overview

overview

10

Static

static

483dfb5d1e...38.exe

windows7_x64

10

483dfb5d1e...38.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    31-03-2021 12:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    483dfb5d1e3d6a2da44d470459421a38.exe

  • Size

    353KB

  • MD5

    483dfb5d1e3d6a2da44d470459421a38

  • SHA1

    8980996a8ff96f53eec4098e44145f8eb7cfaf26

  • SHA256

    763523c1b4a8e9aa4583af76c6706ccac9df72244a3b8fc70ac81f864bcf7ed9

  • SHA512

    222083e593404936edc5e4c436df7cf1826911d3d781022a3f938c390e600b27584ad548f02d3e3425aa1e9e72929fecd67ba9c7a81f178ecb09f524c92bcac9

Score
10/10
redlinevavilondiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

vavilon

C2

152.228.146.168:57727

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\483dfb5d1e3d6a2da44d470459421a38.exe
    "C:\Users\Admin\AppData\Local\Temp\483dfb5d1e3d6a2da44d470459421a38.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1740

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1740-2-0x0000000001970000-0x0000000001981000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1740-3-0x00000000031D0000-0x00000000031E1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1740-5-0x00000000003A0000-0x00000000003DA000-memory.dmp
    Filesize

    232KB

    Download
  • memory/1740-6-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/1740-4-0x00000000741A0000-0x000000007488E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1740-7-0x0000000005A20000-0x0000000005A54000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1740-8-0x0000000005A60000-0x0000000005A92000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1740-10-0x0000000005B72000-0x0000000005B73000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-9-0x0000000005B71000-0x0000000005B72000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-11-0x0000000005B73000-0x0000000005B74000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-12-0x0000000005B74000-0x0000000005B76000-memory.dmp
    Filesize

    8KB

    Download