Overview

overview

10

Static

static

cec8520f14...83.exe

windows7_x64

10

cec8520f14...83.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    23-10-2021 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cec8520f145a0dddbf1adbe4262e8b83.exe

  • Size

    441KB

  • MD5

    cec8520f145a0dddbf1adbe4262e8b83

  • SHA1

    c88557afeb6db504b5e94838411d289714e8c193

  • SHA256

    75c1729f921ec241025388f991a462400494b804483f0392f0222fe3ed04ceb9

  • SHA512

    e5a8fa627bd944dadcee18d6b10cbc55df546083b167b11ffd5fe4d74fdf9fe67d3c630978dafb7fc2389db1ea9af0333f2ce97a886fb79d8747699985791867

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cec8520f145a0dddbf1adbe4262e8b83.exe
    "C:\Users\Admin\AppData\Local\Temp\cec8520f145a0dddbf1adbe4262e8b83.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1676

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1676-54-0x0000000000A89000-0x0000000000AB4000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1676-55-0x0000000002390000-0x00000000023BD000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1676-56-0x0000000000220000-0x0000000000264000-memory.dmp
    Filesize

    272KB

    Download
  • memory/1676-57-0x0000000000400000-0x000000000089D000-memory.dmp
    Filesize

    4.6MB

    Download
  • memory/1676-58-0x0000000004DF1000-0x0000000004DF2000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1676-59-0x0000000004DF2000-0x0000000004DF3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1676-60-0x0000000004DF3000-0x0000000004DF4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1676-61-0x0000000002400000-0x000000000242B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1676-62-0x0000000004DF4000-0x0000000004DF6000-memory.dmp
    Filesize

    8KB

    Download