Overview

overview

10

Static

static

47e27edcb9...13.exe

windows7_x64

10

47e27edcb9...13.exe

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10-en
  • submitted
    13-09-2021 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47e27edcb9be738259f5c3d81423c613.exe

  • Size

    395KB

  • MD5

    47e27edcb9be738259f5c3d81423c613

  • SHA1

    3974b52edd4a1b1dedc6c2dcb308f735e444c131

  • SHA256

    2a103ceb37522c1bb5f9b6336e52c3c8341b15276bbc44149ac65d26375b4c1d

  • SHA512

    7144947aa0f4be257e444e6e2bf61797b6dcdfd2390a46a5ceec17530d4f3b8e8139e3648d63aad35bc3d81e39b98a4fe2e12597d927e5144e1e3e05e0d42a58

Score
10/10
redline3discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

3

C2

45.147.228.207:1569

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47e27edcb9be738259f5c3d81423c613.exe
    "C:\Users\Admin\AppData\Local\Temp\47e27edcb9be738259f5c3d81423c613.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4736-115-0x00000000017A0000-0x00000000018EA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4736-116-0x0000000003440000-0x000000000345F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4736-117-0x0000000000400000-0x000000000179A000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/4736-118-0x0000000003650000-0x0000000003651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-119-0x0000000005D70000-0x0000000005D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-120-0x0000000003652000-0x0000000003653000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-121-0x0000000003653000-0x0000000003654000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-122-0x00000000036D0000-0x00000000036EE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4736-123-0x0000000006270000-0x0000000006271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-124-0x0000000006890000-0x0000000006891000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-125-0x00000000068C0000-0x00000000068C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-126-0x00000000069D0000-0x00000000069D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-127-0x0000000003654000-0x0000000003656000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4736-128-0x0000000006A50000-0x0000000006A51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-129-0x0000000007C70000-0x0000000007C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-130-0x0000000007E40000-0x0000000007E41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-131-0x0000000008460000-0x0000000008461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-132-0x0000000008580000-0x0000000008581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-133-0x0000000008640000-0x0000000008641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4736-134-0x00000000087D0000-0x00000000087D1000-memory.dmp

    Filesize

    4KB

    Download