Overview

overview

10

Static

static

68900761d2...85.exe

windows7_x64

10

68900761d2...85.exe

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    26-01-2022 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68900761d23c77b005b89feb89876c85.exe

  • Size

    515KB

  • MD5

    68900761d23c77b005b89feb89876c85

  • SHA1

    2d9a95cfe66fd559424957eed4ac797271a87144

  • SHA256

    782f3607d63d38bd59a78ae9f219ef092850f29c3da05c019594b44f53ac84ac

  • SHA512

    1ff6772b27c34d5550ef6d11b69beb4ab99dd17ad1600286248cd3dd9dec3469bf5d39d80252a60965ddfb76a75f7d9d72b73f5460d2b8ffe9a8739d1b34c571

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68900761d23c77b005b89feb89876c85.exe
    "C:\Users\Admin\AppData\Local\Temp\68900761d23c77b005b89feb89876c85.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:528

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/528-53-0x0000000075D61000-0x0000000075D63000-memory.dmp

    Filesize

    8KB

    Download

  • memory/528-54-0x0000000074EB0000-0x0000000074EFA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/528-55-0x0000000000320000-0x0000000000364000-memory.dmp

    Filesize

    272KB

    Download

  • memory/528-56-0x0000000000AE0000-0x0000000000BB9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/528-57-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/528-59-0x00000000769B0000-0x0000000076A5C000-memory.dmp

    Filesize

    688KB

    Download

  • memory/528-60-0x00000000773C0000-0x0000000077407000-memory.dmp

    Filesize

    284KB

    Download

  • memory/528-61-0x0000000075B50000-0x0000000075BA7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/528-63-0x0000000076F50000-0x00000000770AC000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/528-64-0x0000000000AE0000-0x0000000000BB9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/528-65-0x0000000000AE0000-0x0000000000BB9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/528-66-0x0000000076C80000-0x0000000076D0F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/528-68-0x0000000002660000-0x0000000002790000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/528-69-0x0000000075D60000-0x00000000769AA000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/528-70-0x0000000073CA0000-0x0000000073CB7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/528-71-0x0000000075D00000-0x0000000075D35000-memory.dmp

    Filesize

    212KB

    Download

  • memory/528-72-0x000000006D560000-0x000000006D6F0000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/528-73-0x000000006D420000-0x000000006D437000-memory.dmp

    Filesize

    92KB

    Download