Analysis
-
max time kernel
20s -
max time network
22s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
27-07-2021 18:31
General
-
Target
REVENGE_TOOl.exe
-
Size
96KB
-
MD5
28f72fb108389f9638288e138f3e9dd6
-
SHA1
a48018ebb6e72560d9802d27ee770acc419d0eb8
-
SHA256
b74622825097140b74e41ec4b76dfc0afa913c087ed259404f6cda2395c2d3c6
-
SHA512
ccabdfd642803714aa725e206d05b7b73e51ef2922e177baba58e109220ca7f5afe47aaf01d85a64f0031e63a1ea0f6a5754551cbcdea29b96fda36bd9e8ee35
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\REVENGE_TOOl.exe"C:\Users\Admin\AppData\Local\Temp\REVENGE_TOOl.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1096-114-0x0000000000790000-0x0000000000791000-memory.dmpFilesize
4KB
-
memory/1096-116-0x0000000005540000-0x0000000005541000-memory.dmpFilesize
4KB
-
memory/1096-117-0x0000000004FA0000-0x0000000004FA1000-memory.dmpFilesize
4KB
-
memory/1096-118-0x0000000005000000-0x0000000005001000-memory.dmpFilesize
4KB
-
memory/1096-119-0x0000000005040000-0x0000000005041000-memory.dmpFilesize
4KB
-
memory/1096-120-0x0000000004F30000-0x0000000005536000-memory.dmpFilesize
6.0MB
-
memory/1096-121-0x00000000052B0000-0x00000000052B1000-memory.dmpFilesize
4KB
-
memory/1096-122-0x0000000006460000-0x0000000006461000-memory.dmpFilesize
4KB
-
memory/1096-123-0x0000000006B60000-0x0000000006B61000-memory.dmpFilesize
4KB
-
memory/1096-124-0x0000000006710000-0x0000000006711000-memory.dmpFilesize
4KB
-
memory/1096-125-0x0000000007590000-0x0000000007591000-memory.dmpFilesize
4KB
-
memory/1096-126-0x0000000006AF0000-0x0000000006AF1000-memory.dmpFilesize
4KB