Overview

overview

10

Static

static

e48b6065db...b4.exe

windows7_x64

10

e48b6065db...b4.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-01-2022 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e48b6065db55c67dfeea74968ad29ab4.exe

  • Size

    408KB

  • MD5

    e48b6065db55c67dfeea74968ad29ab4

  • SHA1

    f15e445f676ee0b62806b406e3cb5311618fecb4

  • SHA256

    8baa0639d8b45406032ae8463871c902c5c1d19e4f3f4c0b561cc7d1a18f3a95

  • SHA512

    173a2179e8bd2fa6e5e5b8e19e53aab12a526e5531a4ba7579f29cd505de21a96cd64453063554a7f4341a647216d92632bf573c879d752e49b0ab4b7c9259ed

Score
10/10
redlinetestingdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Testing

C2

185.215.113.10:39759

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e48b6065db55c67dfeea74968ad29ab4.exe
    "C:\Users\Admin\AppData\Local\Temp\e48b6065db55c67dfeea74968ad29ab4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1664

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1664-54-0x0000000001F30000-0x0000000001F64000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1664-55-0x0000000002060000-0x0000000002092000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1664-58-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/1664-60-0x0000000004952000-0x0000000004953000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1664-61-0x0000000004953000-0x0000000004954000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1664-59-0x0000000004951000-0x0000000004952000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1664-57-0x00000000004C0000-0x00000000004F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1664-56-0x0000000000470000-0x000000000049B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1664-62-0x00000000754B1000-0x00000000754B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1664-63-0x0000000004954000-0x0000000004956000-memory.dmp

    Filesize

    8KB

    Download