Overview

overview

10

Static

static

aae688a16a...3c.exe

windows7_x64

10

aae688a16a...3c.exe

windows10_x64

10

Analysis

  • max time kernel
    16s
  • max time network
    116s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    25-07-2021 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aae688a16a5bd098f7b696c2dcdb713c.exe

  • Size

    321KB

  • MD5

    aae688a16a5bd098f7b696c2dcdb713c

  • SHA1

    a4b3576feb789f5c58da2178e3b3c40f7ef185ad

  • SHA256

    2cba8012f3deb21e3f361d5a3f07cc794b6e18e63b07c98aa2cbd78233cee70e

  • SHA512

    4f43d0666c68838db0d42500df306a2a9663865aa749fb73c3d295ed890394533ec571b3bb943e206f3285fd797aa2643efa0271983d2de9f8c9b4708747295f

Score
10/10
redlinesewpalpadindiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aae688a16a5bd098f7b696c2dcdb713c.exe
    "C:\Users\Admin\AppData\Local\Temp\aae688a16a5bd098f7b696c2dcdb713c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3172

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3172-115-0x0000000000400000-0x0000000002B94000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/3172-114-0x0000000002BA0000-0x0000000002CEA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3172-116-0x00000000049B0000-0x00000000049CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3172-117-0x0000000007190000-0x0000000007191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-118-0x0000000004D70000-0x0000000004D89000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3172-119-0x0000000007690000-0x0000000007691000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-120-0x0000000007CA0000-0x0000000007CA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-121-0x0000000007CC0000-0x0000000007CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-122-0x0000000004E10000-0x0000000004E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-123-0x0000000004E12000-0x0000000004E13000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-124-0x0000000004E13000-0x0000000004E14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-125-0x0000000007D20000-0x0000000007D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-126-0x0000000004E14000-0x0000000004E16000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3172-127-0x0000000007EB0000-0x0000000007EB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-128-0x0000000008B90000-0x0000000008B91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-129-0x0000000008D60000-0x0000000008D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-130-0x00000000093B0000-0x00000000093B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-131-0x0000000009720000-0x0000000009721000-memory.dmp

    Filesize

    4KB

    Download