Overview

overview

10

Static

static

84867D3DAC...45.exe

windows7_x64

10

84867D3DAC...45.exe

windows10_x64

10

Analysis

  • max time kernel
    19s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21-07-2021 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84867D3DACCDEC9B8D2A10CA4EC9EF45.exe

  • Size

    260KB

  • MD5

    84867d3daccdec9b8d2a10ca4ec9ef45

  • SHA1

    432e3a5a463f2ec7b18beca594a9f357839c4ed2

  • SHA256

    5ef6a3e8a70847b098a042ce963d12ec6e777c0c335b33d64e232912807af219

  • SHA512

    dd7e6307d54f43e3430c3853b1fda0d944fb164f7e1f0257bb1aa59a6a8430355c2d461e70d20a9556994d68da3404b69b2814226e41090f330f7e23474ac045

Score
10/10
redline170discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

170

C2

147.124.222.75:42864

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84867D3DACCDEC9B8D2A10CA4EC9EF45.exe
    "C:\Users\Admin\AppData\Local\Temp\84867D3DACCDEC9B8D2A10CA4EC9EF45.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3156

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3156-114-0x0000000002700000-0x000000000271B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3156-115-0x0000000005110000-0x0000000005111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-116-0x0000000002900000-0x0000000002919000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3156-117-0x0000000005610000-0x0000000005611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-118-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-119-0x0000000002B00000-0x0000000002B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-120-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3156-121-0x0000000000400000-0x00000000008AA000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3156-123-0x0000000005102000-0x0000000005103000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-122-0x0000000005100000-0x0000000005101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-124-0x0000000005103000-0x0000000005104000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-125-0x0000000005050000-0x0000000005051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-126-0x0000000005D00000-0x0000000005D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-127-0x0000000005104000-0x0000000005106000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3156-128-0x00000000069E0000-0x00000000069E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-129-0x0000000006BB0000-0x0000000006BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-130-0x0000000007200000-0x0000000007201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3156-131-0x0000000007550000-0x0000000007551000-memory.dmp

    Filesize

    4KB

    Download