Overview

overview

10

Static

static

10

3c795310fb...73.exe

windows7_x64

10

3c795310fb...73.exe

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    11-05-2021 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c795310fba80298492c46fd2a284873.exe

  • Size

    107KB

  • MD5

    3c795310fba80298492c46fd2a284873

  • SHA1

    f057eb36c03c6d785d26bc6ca95d5d6f8f8ccda3

  • SHA256

    55fd4b535cce4249de23d8eb6c823f0f000e9e988c72a5a88d55353d84692271

  • SHA512

    40cabe677900de9eee08eea0b285dce689c18b5e2ab526d55d8983f19b14330f226d0a9d5d1f859c42f3f0cbdfcd5aa510c8a2c3d9ae0373f2f1b6e2f82470b0

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c795310fba80298492c46fd2a284873.exe
    "C:\Users\Admin\AppData\Local\Temp\3c795310fba80298492c46fd2a284873.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4084

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4084-114-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-116-0x00000000059E0000-0x00000000059E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-117-0x0000000002F60000-0x0000000002F61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-118-0x0000000005410000-0x0000000005411000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-119-0x0000000005450000-0x0000000005451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-120-0x00000000053D0000-0x00000000059D6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4084-121-0x00000000056C0000-0x00000000056C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-122-0x00000000064C0000-0x00000000064C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-123-0x0000000006A60000-0x0000000006A61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-124-0x0000000006F60000-0x0000000006F61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-125-0x0000000007660000-0x0000000007661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4084-126-0x0000000007130000-0x0000000007131000-memory.dmp

    Filesize

    4KB

    Download