Analysis
-
max time kernel
65s -
max time network
135s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
21-10-2021 06:21
General
-
Target
c88535f911c8fce65bb91bc8b498d9a6e20dd3bd115db0f6bfedf819306be189.exe
-
Size
337KB
-
MD5
6ac371a3014d2acf58b12dcd519fbc0e
-
SHA1
2a17581f04cc08e8cf54204415542ee9aa68d74c
-
SHA256
c88535f911c8fce65bb91bc8b498d9a6e20dd3bd115db0f6bfedf819306be189
-
SHA512
74abd2cf39e18748a9c0e82bc18180ba48ffb1c7a2f95293831f72b8cc95234d5c22367468d9e3489149d9b656c9ed556b3328ee59a980dd7d32227c43f3c7b8
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
UTS
C2
45.9.20.182:52236
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c88535f911c8fce65bb91bc8b498d9a6e20dd3bd115db0f6bfedf819306be189.exe"C:\Users\Admin\AppData\Local\Temp\c88535f911c8fce65bb91bc8b498d9a6e20dd3bd115db0f6bfedf819306be189.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3736-116-0x0000000004B60000-0x0000000004B90000-memory.dmpFilesize
192KB
-
memory/3736-117-0x0000000000400000-0x0000000002F1B000-memory.dmpFilesize
43.1MB
-
memory/3736-115-0x0000000004B30000-0x0000000004B52000-memory.dmpFilesize
136KB
-
memory/3736-118-0x0000000004C90000-0x0000000004CAF000-memory.dmpFilesize
124KB
-
memory/3736-119-0x0000000007770000-0x0000000007771000-memory.dmpFilesize
4KB
-
memory/3736-120-0x0000000007780000-0x0000000007781000-memory.dmpFilesize
4KB
-
memory/3736-121-0x0000000004E60000-0x0000000004E7D000-memory.dmpFilesize
116KB
-
memory/3736-122-0x0000000007C80000-0x0000000007C81000-memory.dmpFilesize
4KB
-
memory/3736-123-0x0000000004FD0000-0x0000000004FD1000-memory.dmpFilesize
4KB
-
memory/3736-124-0x0000000007590000-0x0000000007591000-memory.dmpFilesize
4KB
-
memory/3736-126-0x0000000007774000-0x0000000007776000-memory.dmpFilesize
8KB
-
memory/3736-125-0x0000000007772000-0x0000000007773000-memory.dmpFilesize
4KB
-
memory/3736-127-0x0000000007773000-0x0000000007774000-memory.dmpFilesize
4KB
-
memory/3736-128-0x0000000005000000-0x0000000005001000-memory.dmpFilesize
4KB
-
memory/3736-129-0x00000000076E0000-0x00000000076E1000-memory.dmpFilesize
4KB
-
memory/3736-130-0x00000000092E0000-0x00000000092E1000-memory.dmpFilesize
4KB
-
memory/3736-131-0x00000000094B0000-0x00000000094B1000-memory.dmpFilesize
4KB
-
memory/3736-132-0x00000000099E0000-0x00000000099E1000-memory.dmpFilesize
4KB
-
memory/3736-133-0x0000000009D00000-0x0000000009D01000-memory.dmpFilesize
4KB
-
memory/3736-134-0x0000000009E10000-0x0000000009E11000-memory.dmpFilesize
4KB
-
memory/3736-135-0x0000000009DC0000-0x0000000009DC1000-memory.dmpFilesize
4KB