Overview

overview

10

Static

static

SecuriteIn...84.exe

windows7_x64

10

SecuriteIn...84.exe

windows10_x64

10

Analysis

  • max time kernel
    28s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    03-06-2021 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe

  • Size

    421KB

  • MD5

    6972482b38fda49d5ea9f11bd2496909

  • SHA1

    3f70b20432fa4ceb9cff4c3bd28028183d7e6fa3

  • SHA256

    69e411368f9407c3c25b453792bd383fed96eb6bb6a7e9d0cf06d980add295c6

  • SHA512

    364238d4e97a6811f3fa3942ce528e4fd0a0666539d881d43c7e37428dbe6a05c1fc018e873ba3d02fe0bfee6522013f361fd8c8962dad99ef4734207b71079e

Score
10/10
redlinenewinfostealer

Malware Config

Extracted

Family

redline

Botnet

new

C2

45.134.225.35:7821

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe
      C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe
      2⤵
        PID:2808
      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe
        C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2008

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.37018260.17870.25484.exe.log
      MD5

      413e636dfe7146f137f76ec1bd6a921d

      SHA1

      b43f95ad87a2028c7b7bbbd6611310d1655ca449

      SHA256

      37d9b8f70d335ace58e7f2cb4c6cbb2bacdfd75aa7c810956401b28d0ae87980

      SHA512

      26f2288c7ac98c1054ecf5e5ccbb99148e30fa69c2f183f54acf4b059a24824990932ccbf88e3f181663729ee4b2db5efc544ed5bdcd92d0ca46eb726cea084d

      Download Submit

    • memory/2008-132-0x0000000004D40000-0x0000000004D41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2008-126-0x0000000000400000-0x000000000041C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2008-127-0x0000000000417306-mapping.dmp

      Download

    • memory/2008-131-0x0000000005400000-0x0000000005401000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2008-133-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2008-134-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2008-135-0x0000000005050000-0x0000000005051000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2008-136-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3944-121-0x00000000053C0000-0x00000000053C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3944-122-0x00000000052F0000-0x0000000005342000-memory.dmp

      Filesize

      328KB

      Download

    • memory/3944-125-0x00000000054E0000-0x00000000054E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3944-116-0x00000000013F0000-0x00000000013FC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/3944-114-0x0000000000A90000-0x0000000000A91000-memory.dmp

      Filesize

      4KB

      Download