Overview

overview

10

Static

static

10

cbb62490f1...f6.exe

windows7_x64

10

cbb62490f1...f6.exe

windows10_x64

10

Analysis

  • max time kernel
    17s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    10-06-2021 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbb62490f144ce119dcbe5d1ef7f4ff6.exe

  • Size

    1.1MB

  • MD5

    cbb62490f144ce119dcbe5d1ef7f4ff6

  • SHA1

    4a153e0057673011a7fdc38eed71f11fc9708e90

  • SHA256

    9890b3cc84a7417c40435676f4e27e4a816143a4545a7c3cb75cc4b3819945e4

  • SHA512

    203111d011c842400f8cd5cdf8b9ee2ffabe7ef162535db1385f97843675b25400b52811d7d199cf2737148625b106f85b5ba6dc5244f394c55caf86bec77282

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbb62490f144ce119dcbe5d1ef7f4ff6.exe
    "C:\Users\Admin\AppData\Local\Temp\cbb62490f144ce119dcbe5d1ef7f4ff6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1720

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1720-60-0x0000000000E80000-0x0000000000E81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1720-62-0x0000000000BC0000-0x0000000000BC1000-memory.dmp
    Filesize

    4KB

    Download