Overview

overview

10

Static

static

1138566c2d...b6.exe

windows7_x64

10

1138566c2d...b6.exe

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    26-01-2022 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1138566c2dc75fd97735373798d050b6.exe

  • Size

    444KB

  • MD5

    1138566c2dc75fd97735373798d050b6

  • SHA1

    8b6fbc0d77a58352a47f22967c75587e035eb357

  • SHA256

    8370bc92f5cb661bd26f3bd5abb51f6d56c48acb438ae48aa3351044cd55678f

  • SHA512

    e7105354c1031909d4c6365d37890c019030b4f0572c8082a663b36a4c99fa56baf22e850ef88801730221470f587fd866792d9d324335ecb0c48306e089b780

Score
10/10
redlineruzkikakoytodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1138566c2dc75fd97735373798d050b6.exe
    "C:\Users\Admin\AppData\Local\Temp\1138566c2dc75fd97735373798d050b6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3436-116-0x00000000021B0000-0x00000000021E9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/3436-117-0x0000000002350000-0x0000000002384000-memory.dmp
    Filesize

    208KB

    Download
  • memory/3436-118-0x0000000004C60000-0x000000000515E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3436-119-0x0000000002620000-0x0000000002652000-memory.dmp
    Filesize

    200KB

    Download
  • memory/3436-120-0x0000000000400000-0x0000000000499000-memory.dmp
    Filesize

    612KB

    Download
  • memory/3436-121-0x0000000004C50000-0x0000000004C51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3436-122-0x0000000004C52000-0x0000000004C53000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3436-123-0x0000000004C53000-0x0000000004C54000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3436-124-0x0000000005160000-0x0000000005766000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3436-125-0x0000000004C10000-0x0000000004C22000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3436-126-0x0000000005770000-0x000000000587A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3436-127-0x00000000058B0000-0x00000000058EE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/3436-128-0x0000000004C54000-0x0000000004C56000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3436-129-0x0000000005900000-0x000000000594B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/3436-130-0x0000000005BA0000-0x0000000005C06000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3436-131-0x0000000006240000-0x00000000062B6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/3436-132-0x0000000006300000-0x0000000006392000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3436-133-0x00000000064F0000-0x000000000650E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/3436-134-0x0000000006620000-0x00000000067E2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3436-135-0x00000000067F0000-0x0000000006D1C000-memory.dmp
    Filesize

    5.2MB

    Download