Analysis
-
max time kernel
66s -
max time network
135s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
19-10-2021 13:10
General
-
Target
930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80.exe
-
Size
364KB
-
MD5
21aabbc6698116740f9456ffd2070abf
-
SHA1
7d6e590624083e3b92ce790ff8de7147b07923d3
-
SHA256
930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80
-
SHA512
b05c23e6c45835038579ae634e63e20dc91bfcf8e14492e5f003fbf4b610f993166779ca9b735116bef0521af2fc29a293b3062ff63cae5b17bd4bc19848ae53
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
UDP
C2
45.9.20.182:52236
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80.exe"C:\Users\Admin\AppData\Local\Temp\930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3144-116-0x0000000004C70000-0x0000000004CA0000-memory.dmpFilesize
192KB
-
memory/3144-117-0x0000000000400000-0x0000000002F23000-memory.dmpFilesize
43.1MB
-
memory/3144-118-0x0000000004D50000-0x0000000004D6F000-memory.dmpFilesize
124KB
-
memory/3144-119-0x0000000007680000-0x0000000007681000-memory.dmpFilesize
4KB
-
memory/3144-120-0x0000000004F90000-0x0000000004FAD000-memory.dmpFilesize
116KB
-
memory/3144-122-0x0000000007B80000-0x0000000007B81000-memory.dmpFilesize
4KB
-
memory/3144-123-0x0000000004D32000-0x0000000004D33000-memory.dmpFilesize
4KB
-
memory/3144-121-0x0000000004D30000-0x0000000004D31000-memory.dmpFilesize
4KB
-
memory/3144-124-0x0000000004D33000-0x0000000004D34000-memory.dmpFilesize
4KB
-
memory/3144-125-0x0000000005100000-0x0000000005101000-memory.dmpFilesize
4KB
-
memory/3144-126-0x0000000008190000-0x0000000008191000-memory.dmpFilesize
4KB
-
memory/3144-127-0x00000000082A0000-0x00000000082A1000-memory.dmpFilesize
4KB
-
memory/3144-128-0x0000000004D34000-0x0000000004D36000-memory.dmpFilesize
8KB
-
memory/3144-129-0x0000000008320000-0x0000000008321000-memory.dmpFilesize
4KB
-
memory/3144-130-0x0000000008F40000-0x0000000008F41000-memory.dmpFilesize
4KB
-
memory/3144-131-0x0000000009110000-0x0000000009111000-memory.dmpFilesize
4KB
-
memory/3144-132-0x0000000009750000-0x0000000009751000-memory.dmpFilesize
4KB
-
memory/3144-133-0x0000000009AA0000-0x0000000009AA1000-memory.dmpFilesize
4KB
-
memory/3144-134-0x0000000009BB0000-0x0000000009BB1000-memory.dmpFilesize
4KB
-
memory/3144-135-0x0000000009D50000-0x0000000009D51000-memory.dmpFilesize
4KB