Overview

overview

10

Static

static

d08c7505d9...49.exe

windows7_x64

10

d08c7505d9...49.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    165s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    22-10-2021 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d08c7505d9deda3037398a2bddec6e49.exe

  • Size

    452KB

  • MD5

    d08c7505d9deda3037398a2bddec6e49

  • SHA1

    c35417022f575351d7b634aaa297d2e456887a7f

  • SHA256

    8840d8c54b58cc29c57916919906a81fff6bca7bede7c6d5b08a363359ff3582

  • SHA512

    94e88d77a383f657233d3777dcb313cd23f10d4042aa3472c92c0082a706098235f29722e2262a4f3e7ec48cdaa796558d611ba8607340208aa1296162280e9e

Score
10/10
redlinediscoveryinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\d08c7505d9deda3037398a2bddec6e49.exe
    "C:\Users\Admin\AppData\Local\Temp\d08c7505d9deda3037398a2bddec6e49.exe"
    1⤵
      PID:3460

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3460-119-0x0000000000D10000-0x0000000000D54000-memory.dmp
      Filesize

      272KB

      Download
    • memory/3460-120-0x0000000002800000-0x000000000282D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/3460-121-0x0000000004E90000-0x0000000004E91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-122-0x0000000004E00000-0x0000000004E2B000-memory.dmp
      Filesize

      172KB

      Download
    • memory/3460-123-0x0000000005390000-0x0000000005391000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-125-0x0000000004E80000-0x0000000004E81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-124-0x0000000000400000-0x00000000008A0000-memory.dmp
      Filesize

      4.6MB

      Download
    • memory/3460-126-0x0000000004E82000-0x0000000004E83000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-127-0x0000000004E83000-0x0000000004E84000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-128-0x00000000059D0000-0x00000000059D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-129-0x0000000005A00000-0x0000000005A01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-130-0x0000000005B10000-0x0000000005B11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-131-0x0000000004E84000-0x0000000004E86000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3460-132-0x0000000005B90000-0x0000000005B91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-133-0x0000000005E20000-0x0000000005E21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-134-0x0000000006530000-0x0000000006531000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-135-0x00000000065B0000-0x00000000065B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3460-136-0x0000000006650000-0x0000000006651000-memory.dmp
      Filesize

      4KB

      Download