Overview

overview

10

Static

static

A4.exe

windows7_x64

10

A4.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    02-06-2021 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A4.exe

  • Size

    421KB

  • MD5

    6972482b38fda49d5ea9f11bd2496909

  • SHA1

    3f70b20432fa4ceb9cff4c3bd28028183d7e6fa3

  • SHA256

    69e411368f9407c3c25b453792bd383fed96eb6bb6a7e9d0cf06d980add295c6

  • SHA512

    364238d4e97a6811f3fa3942ce528e4fd0a0666539d881d43c7e37428dbe6a05c1fc018e873ba3d02fe0bfee6522013f361fd8c8962dad99ef4734207b71079e

Score
10/10
redlinenewinfostealer

Malware Config

Extracted

Family

redline

Botnet

new

C2

45.134.225.35:7821

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\A4.exe
    "C:\Users\Admin\AppData\Local\Temp\A4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\A4.exe
      C:\Users\Admin\AppData\Local\Temp\A4.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\A4.exe.log
    MD5

    413e636dfe7146f137f76ec1bd6a921d

    SHA1

    b43f95ad87a2028c7b7bbbd6611310d1655ca449

    SHA256

    37d9b8f70d335ace58e7f2cb4c6cbb2bacdfd75aa7c810956401b28d0ae87980

    SHA512

    26f2288c7ac98c1054ecf5e5ccbb99148e30fa69c2f183f54acf4b059a24824990932ccbf88e3f181663729ee4b2db5efc544ed5bdcd92d0ca46eb726cea084d

    Download Submit
  • memory/3172-114-0x00000000008C0000-0x00000000008C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3172-116-0x0000000001190000-0x000000000119C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/3172-121-0x0000000005200000-0x0000000005201000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3172-122-0x0000000005130000-0x0000000005182000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3172-125-0x00000000052F0000-0x00000000052F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4092-127-0x0000000000417306-mapping.dmp
    Download
  • memory/4092-126-0x0000000000400000-0x000000000041C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/4092-131-0x00000000056D0000-0x00000000056D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4092-132-0x0000000005010000-0x0000000005011000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4092-133-0x0000000005070000-0x0000000005071000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4092-134-0x00000000050B0000-0x00000000050B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4092-135-0x00000000050C0000-0x00000000050C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4092-136-0x0000000005320000-0x0000000005321000-memory.dmp
    Filesize

    4KB

    Download