Overview

overview

10

Static

static

a5c4f315da...68.exe

windows7_x64

10

a5c4f315da...68.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    25-07-2021 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c4f315da3e205c9f3af915ebb19668.exe

  • Size

    303KB

  • MD5

    a5c4f315da3e205c9f3af915ebb19668

  • SHA1

    504f2125ca265d93e281f69a3e7e547fc7118f64

  • SHA256

    0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873

  • SHA512

    c954588ddf724f1df77a1988bb8e2ed5fdec1c5f7538c7fe0882eb52b33b46223046b3d2361f83893ae84fc30fbe7be39a90d6535d9ccf240e55f3f2d3d25d08

Score
10/10
redlinesewpalpadindiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5c4f315da3e205c9f3af915ebb19668.exe
    "C:\Users\Admin\AppData\Local\Temp\a5c4f315da3e205c9f3af915ebb19668.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:664

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/664-114-0x00000000026C0000-0x00000000026DB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/664-116-0x0000000000400000-0x00000000008B6000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/664-117-0x0000000004FF0000-0x0000000004FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-115-0x00000000008C0000-0x0000000000A0A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/664-118-0x0000000005000000-0x0000000005001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-119-0x0000000002AA0000-0x0000000002AB9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/664-120-0x0000000005500000-0x0000000005501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-122-0x0000000004FF3000-0x0000000004FF4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-121-0x0000000004FF2000-0x0000000004FF3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-123-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-124-0x0000000004EC0000-0x0000000004EC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-125-0x0000000004F20000-0x0000000004F21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-126-0x0000000004FF4000-0x0000000004FF6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/664-127-0x0000000005BD0000-0x0000000005BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-128-0x00000000068B0000-0x00000000068B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-129-0x0000000006A80000-0x0000000006A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-130-0x00000000070D0000-0x00000000070D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-131-0x0000000007310000-0x0000000007311000-memory.dmp

    Filesize

    4KB

    Download