Overview

overview

10

Static

static

9a683ec032...57.exe

windows7_x64

10

9a683ec032...57.exe

windows10_x64

10

Analysis

  • max time kernel
    133s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    06-05-2021 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe

  • Size

    888KB

  • MD5

    57179b3e7c3f753a918ab68ec2ba5af4

  • SHA1

    aa542ee29b078b3ae446b2021dce6b5fc690accd

  • SHA256

    9a683ec03220d633a7cce5da8a6d7c9febe608eb45e572691e12600a2d6d58f0

  • SHA512

    c4f9bcde5cda179371432c96e132581edd2e0d9a550893d891a0d207533b87a245a75cc29c1cfb585d7e866f6bbe2dfa8d050a366d960b9205088af38b6907fd

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe
    "C:\Users\Admin\AppData\Local\Temp\9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Users\Admin\AppData\Local\Temp\9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe
      "C:\Users\Admin\AppData\Local\Temp\9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe"
      2⤵
        PID:192
      • C:\Users\Admin\AppData\Local\Temp\9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe
        "C:\Users\Admin\AppData\Local\Temp\9a683ec03220d633a7cce5da8a6d7c9febe608eb45e57.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:200

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/200-123-0x00000000004163C2-mapping.dmp
      Download
    • memory/200-131-0x0000000005BC0000-0x0000000005BC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/200-130-0x0000000005820000-0x0000000005E26000-memory.dmp
      Filesize

      6.0MB

      Download
    • memory/200-129-0x0000000005950000-0x0000000005951000-memory.dmp
      Filesize

      4KB

      Download
    • memory/200-128-0x0000000005910000-0x0000000005911000-memory.dmp
      Filesize

      4KB

      Download
    • memory/200-127-0x00000000058B0000-0x00000000058B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/200-126-0x0000000005E30000-0x0000000005E31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/200-122-0x0000000000400000-0x000000000041C000-memory.dmp
      Filesize

      112KB

      Download
    • memory/640-118-0x0000000004EE0000-0x0000000004EE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/640-121-0x0000000004E10000-0x0000000004E11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/640-120-0x0000000004DA0000-0x000000000529E000-memory.dmp
      Filesize

      5.0MB

      Download
    • memory/640-119-0x0000000004DA0000-0x0000000004DC0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/640-114-0x0000000000380000-0x0000000000381000-memory.dmp
      Filesize

      4KB

      Download
    • memory/640-117-0x0000000004E40000-0x0000000004E41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/640-116-0x00000000052A0000-0x00000000052A1000-memory.dmp
      Filesize

      4KB

      Download