Analysis
-
max time kernel
120s -
max time network
136s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
15-10-2021 15:01
General
-
Target
6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44.exe
-
Size
365KB
-
MD5
cc2792f322404d7033f396be113718d3
-
SHA1
d5c885ef21504532945cb824dbb571d87f385ccf
-
SHA256
6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
-
SHA512
0bef035a20010af9e4fa9b84d502d3ee3940d781d9307a78ab8cf002b9e179cf4ad2c01786bcfa387c28206e6c2c9664f2d7b3805ba80b9c2f2460a29b02f861
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
UDP
C2
45.9.20.182:52236
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44.exe"C:\Users\Admin\AppData\Local\Temp\6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4076-116-0x00000000035E0000-0x00000000035FF000-memory.dmpFilesize
124KB
-
memory/4076-117-0x0000000005D70000-0x0000000005D71000-memory.dmpFilesize
4KB
-
memory/4076-118-0x0000000003690000-0x00000000036AD000-memory.dmpFilesize
116KB
-
memory/4076-119-0x0000000006270000-0x0000000006271000-memory.dmpFilesize
4KB
-
memory/4076-120-0x0000000005CA0000-0x0000000005CA1000-memory.dmpFilesize
4KB
-
memory/4076-121-0x0000000006990000-0x0000000006991000-memory.dmpFilesize
4KB
-
memory/4076-122-0x0000000005CD0000-0x0000000005CD1000-memory.dmpFilesize
4KB
-
memory/4076-123-0x00000000032A0000-0x00000000032D0000-memory.dmpFilesize
192KB
-
memory/4076-124-0x0000000000400000-0x00000000016CE000-memory.dmpFilesize
18.8MB
-
memory/4076-125-0x0000000005D60000-0x0000000005D61000-memory.dmpFilesize
4KB
-
memory/4076-126-0x0000000005D62000-0x0000000005D63000-memory.dmpFilesize
4KB
-
memory/4076-127-0x0000000005D63000-0x0000000005D64000-memory.dmpFilesize
4KB
-
memory/4076-128-0x0000000005D64000-0x0000000005D66000-memory.dmpFilesize
8KB
-
memory/4076-129-0x0000000006880000-0x0000000006881000-memory.dmpFilesize
4KB
-
memory/4076-130-0x00000000075A0000-0x00000000075A1000-memory.dmpFilesize
4KB
-
memory/4076-131-0x0000000007770000-0x0000000007771000-memory.dmpFilesize
4KB
-
memory/4076-132-0x0000000007DA0000-0x0000000007DA1000-memory.dmpFilesize
4KB
-
memory/4076-133-0x0000000007EB0000-0x0000000007EB1000-memory.dmpFilesize
4KB
-
memory/4076-134-0x0000000008070000-0x0000000008071000-memory.dmpFilesize
4KB
-
memory/4076-135-0x00000000081A0000-0x00000000081A1000-memory.dmpFilesize
4KB