Overview

overview

10

Static

static

usfive_202...24.exe

windows7_x64

10

usfive_202...24.exe

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    21-10-2021 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    usfive_20211021-124624.exe

  • Size

    333KB

  • MD5

    d925816145cc18afdd4675c4846bc9a7

  • SHA1

    9eb8dff855f515f3253eb2987679c462c9cab3e7

  • SHA256

    6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc

  • SHA512

    5caec99f2a47c64193707f5f3ccb74408eea98fd395d1fba4881f7ca39149ec3aa233ef4d85396e6e3be037bc293a138ea4e1d97528c72466e8d8c5a663f5326

Score
10/10
redlineoct21discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

oct21

C2

94.103.9.181:25690

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\usfive_20211021-124624.exe
    "C:\Users\Admin\AppData\Local\Temp\usfive_20211021-124624.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2604

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2604-115-0x0000000004E00000-0x0000000004E1B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2604-116-0x00000000075F0000-0x00000000075F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-117-0x0000000007AF0000-0x0000000007B0A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/2604-118-0x0000000007C50000-0x0000000007C51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-119-0x0000000008260000-0x0000000008261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-120-0x00000000083A0000-0x00000000083A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-121-0x00000000083C0000-0x00000000083C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-122-0x0000000003190000-0x00000000031B1000-memory.dmp
    Filesize

    132KB

    Download
  • memory/2604-123-0x00000000031C0000-0x00000000031EF000-memory.dmp
    Filesize

    188KB

    Download
  • memory/2604-124-0x0000000000400000-0x0000000002F1A000-memory.dmp
    Filesize

    43.1MB

    Download
  • memory/2604-125-0x0000000004E20000-0x0000000004E21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-126-0x0000000004E22000-0x0000000004E23000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-127-0x0000000004E23000-0x0000000004E24000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-128-0x0000000009BB0000-0x0000000009BB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-129-0x0000000009DB0000-0x0000000009DB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-130-0x0000000004E24000-0x0000000004E26000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2604-131-0x0000000009F40000-0x0000000009F41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-132-0x0000000009FC0000-0x0000000009FC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-133-0x000000000A230000-0x000000000A231000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-134-0x000000000A8B0000-0x000000000A8B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-135-0x000000000AA80000-0x000000000AA81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-136-0x000000000B960000-0x000000000B961000-memory.dmp
    Filesize

    4KB

    Download