Analysis
-
max time kernel
125s -
max time network
125s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
25-11-2021 22:37
General
-
Target
316a5da4472018390dde858dec7b5d40931e986a43c38da3af609b7a4a7c4ba2.exe
-
Size
402KB
-
MD5
0bb4cc5e905d1bfd4d2823e1c7472b7a
-
SHA1
23afd749fa7f77144fda9256774ed677c37bface
-
SHA256
316a5da4472018390dde858dec7b5d40931e986a43c38da3af609b7a4a7c4ba2
-
SHA512
707263048feb5d5bc0eec14e9aba71238c34ea3aded6767c022a37ff878e1e1b03898e89dcf54d80a368f03d6bbc6d56fd4aa1cdf4fc87983cd9fbeeb987ca70
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
Pubdate
C2
193.56.146.64:65441
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\316a5da4472018390dde858dec7b5d40931e986a43c38da3af609b7a4a7c4ba2.exe"C:\Users\Admin\AppData\Local\Temp\316a5da4472018390dde858dec7b5d40931e986a43c38da3af609b7a4a7c4ba2.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3120-118-0x0000000001EB9000-0x0000000001EE5000-memory.dmpFilesize
176KB
-
memory/3120-119-0x0000000003BB0000-0x0000000003BDE000-memory.dmpFilesize
184KB
-
memory/3120-120-0x0000000003970000-0x00000000039A9000-memory.dmpFilesize
228KB
-
memory/3120-121-0x0000000000400000-0x0000000001C1A000-memory.dmpFilesize
24.1MB
-
memory/3120-123-0x0000000003A13000-0x0000000003A14000-memory.dmpFilesize
4KB
-
memory/3120-122-0x0000000003A12000-0x0000000003A13000-memory.dmpFilesize
4KB
-
memory/3120-125-0x0000000003A10000-0x0000000003A11000-memory.dmpFilesize
4KB
-
memory/3120-124-0x0000000006330000-0x0000000006331000-memory.dmpFilesize
4KB
-
memory/3120-126-0x0000000003CA0000-0x0000000003CCC000-memory.dmpFilesize
176KB
-
memory/3120-127-0x0000000006830000-0x0000000006831000-memory.dmpFilesize
4KB
-
memory/3120-128-0x0000000006EB0000-0x0000000006EB1000-memory.dmpFilesize
4KB
-
memory/3120-129-0x0000000006EE0000-0x0000000006EE1000-memory.dmpFilesize
4KB
-
memory/3120-130-0x0000000006FF0000-0x0000000006FF1000-memory.dmpFilesize
4KB
-
memory/3120-131-0x0000000007080000-0x0000000007081000-memory.dmpFilesize
4KB
-
memory/3120-132-0x0000000003A14000-0x0000000003A16000-memory.dmpFilesize
8KB
-
memory/3120-133-0x0000000007310000-0x0000000007311000-memory.dmpFilesize
4KB
-
memory/3120-134-0x0000000007390000-0x0000000007391000-memory.dmpFilesize
4KB
-
memory/3120-135-0x0000000007570000-0x0000000007571000-memory.dmpFilesize
4KB
-
memory/3120-136-0x0000000007630000-0x0000000007631000-memory.dmpFilesize
4KB
-
memory/3120-137-0x0000000007D30000-0x0000000007D31000-memory.dmpFilesize
4KB
-
memory/3120-138-0x0000000007F10000-0x0000000007F11000-memory.dmpFilesize
4KB