Overview

overview

10

Static

static

1954eb49f2...17.exe

windows7_x64

10

1954eb49f2...17.exe

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    24-10-2021 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1954eb49f231c2a70291889f5b12331953adf76f1e417.exe

  • Size

    407KB

  • MD5

    f65bef156e7fe9ad83b9bf3936fb53b9

  • SHA1

    51a9ce72d9f222ec08ca7b99e2bd724ea567db16

  • SHA256

    1954eb49f231c2a70291889f5b12331953adf76f1e4179c87b7b9cd871079d28

  • SHA512

    fbbe57102523d44d65488a37661e023a55a9764f482fa99af023e38fc736b1aafdbd42fe194ef141f805f76e293d641979bd4ac302be889ac4c83df45a7e8352

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1954eb49f231c2a70291889f5b12331953adf76f1e417.exe
    "C:\Users\Admin\AppData\Local\Temp\1954eb49f231c2a70291889f5b12331953adf76f1e417.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4396-115-0x0000000001401000-0x0000000001424000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4396-116-0x00000000001C0000-0x00000000001F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4396-117-0x0000000000400000-0x0000000001036000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4396-118-0x0000000002EA0000-0x0000000002EBC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4396-120-0x0000000002F42000-0x0000000002F43000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-119-0x0000000002F40000-0x0000000002F41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-121-0x0000000002F43000-0x0000000002F44000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-122-0x0000000005590000-0x0000000005591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-123-0x0000000003120000-0x000000000313B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4396-124-0x0000000005A90000-0x0000000005A91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-125-0x0000000006130000-0x0000000006131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-126-0x0000000006160000-0x0000000006161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-127-0x0000000002F44000-0x0000000002F46000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4396-128-0x0000000006270000-0x0000000006271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-129-0x00000000062F0000-0x00000000062F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-130-0x0000000006480000-0x0000000006481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-131-0x0000000006C80000-0x0000000006C81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-132-0x0000000006D80000-0x0000000006D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-133-0x0000000006D40000-0x0000000006D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-134-0x0000000006F90000-0x0000000006F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4396-135-0x0000000007170000-0x0000000007171000-memory.dmp

    Filesize

    4KB

    Download