Overview

overview

10

Static

static

Redline St...ck.exe

windows7_x64

8

Redline St...ck.exe

windows7_x64

8

Redline St...ck.exe

windows11_x64

10

Redline St...ck.exe

windows10_x64

10

Redline St...ck.exe

windows10_x64

10

Redline St...ck.exe

windows10_x64

10

Analysis

  • max time kernel
    57s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-de-20210920
  • submitted
    20-10-2021 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Redline Stealer 2021 Cracked/Redline_20_2_crack.exe

  • Size

    15.1MB

  • MD5

    083776e54ad37b3a45d7e6516b1e13fb

  • SHA1

    e784e8f041dfb7612e8439518ed587f1f878b9eb

  • SHA256

    4334163e03a3cae86600be22c3deb8e786142db27883cc99f0536f713621df9d

  • SHA512

    0985538bf8c2add2e85ac09e64826e0993fae2b1b4e7643a42f010201e4e8f2065f673a795aa4eabf7bee26709f35fbc84553042f40ce3a2fde96a271c43590c

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops startup file 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\Redline_20_2_crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\Redline_20_2_crack.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
      "C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe"
      2⤵
      • Executes dropped EXE
      • Drops startup file
      • Suspicious behavior: AddClipboardFormatListener
      PID:1860

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
    MD5

    d2092715d71b90721291a1d59f69a8cc

    SHA1

    99ebd7a6601d85cc7206b5a9dbf623ec9e5963ad

    SHA256

    b38006408e2229c1c23c56e4efba5df476d7ee13931ec7766cb6940b1b397679

    SHA512

    3b99205ae8c7c69ca207b45b5d2701a24a7aa2bff2f4dace45702f4eaca71e19d0630d33f869e4793d7d3f9d429b37c77690df6913c225e0b9e5c3e7d583d322

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
    MD5

    d2092715d71b90721291a1d59f69a8cc

    SHA1

    99ebd7a6601d85cc7206b5a9dbf623ec9e5963ad

    SHA256

    b38006408e2229c1c23c56e4efba5df476d7ee13931ec7766cb6940b1b397679

    SHA512

    3b99205ae8c7c69ca207b45b5d2701a24a7aa2bff2f4dace45702f4eaca71e19d0630d33f869e4793d7d3f9d429b37c77690df6913c225e0b9e5c3e7d583d322

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
    MD5

    d2092715d71b90721291a1d59f69a8cc

    SHA1

    99ebd7a6601d85cc7206b5a9dbf623ec9e5963ad

    SHA256

    b38006408e2229c1c23c56e4efba5df476d7ee13931ec7766cb6940b1b397679

    SHA512

    3b99205ae8c7c69ca207b45b5d2701a24a7aa2bff2f4dace45702f4eaca71e19d0630d33f869e4793d7d3f9d429b37c77690df6913c225e0b9e5c3e7d583d322

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
    MD5

    d2092715d71b90721291a1d59f69a8cc

    SHA1

    99ebd7a6601d85cc7206b5a9dbf623ec9e5963ad

    SHA256

    b38006408e2229c1c23c56e4efba5df476d7ee13931ec7766cb6940b1b397679

    SHA512

    3b99205ae8c7c69ca207b45b5d2701a24a7aa2bff2f4dace45702f4eaca71e19d0630d33f869e4793d7d3f9d429b37c77690df6913c225e0b9e5c3e7d583d322

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
    MD5

    d2092715d71b90721291a1d59f69a8cc

    SHA1

    99ebd7a6601d85cc7206b5a9dbf623ec9e5963ad

    SHA256

    b38006408e2229c1c23c56e4efba5df476d7ee13931ec7766cb6940b1b397679

    SHA512

    3b99205ae8c7c69ca207b45b5d2701a24a7aa2bff2f4dace45702f4eaca71e19d0630d33f869e4793d7d3f9d429b37c77690df6913c225e0b9e5c3e7d583d322

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Redline Stealer 2021 Cracked\crack.exe
    MD5

    d2092715d71b90721291a1d59f69a8cc

    SHA1

    99ebd7a6601d85cc7206b5a9dbf623ec9e5963ad

    SHA256

    b38006408e2229c1c23c56e4efba5df476d7ee13931ec7766cb6940b1b397679

    SHA512

    3b99205ae8c7c69ca207b45b5d2701a24a7aa2bff2f4dace45702f4eaca71e19d0630d33f869e4793d7d3f9d429b37c77690df6913c225e0b9e5c3e7d583d322

    Download Submit
  • memory/1308-58-0x000000007EF84000-0x000000007EF86000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1308-60-0x000000007EF88000-0x000000007EF89000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1308-53-0x0000000075981000-0x0000000075983000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1308-54-0x000000007EF80000-0x000000007EF82000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1308-55-0x000000007EF82000-0x000000007EF84000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1860-65-0x0000000000000000-mapping.dmp
    Download
  • memory/1860-68-0x0000000000050000-0x0000000000051000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1860-70-0x000000001B020000-0x000000001B022000-memory.dmp
    Filesize

    8KB

    Download