Analysis
-
max time kernel
123s -
max time network
134s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
27-01-2022 01:23
General
-
Target
05a6a53ee7e31e73c45a26110ba7b50c3aaa380cad2fa9ea887b1b8c1743ee3d.exe
-
Size
380KB
-
MD5
c3c0f9d8625ab3fd9e4c754e39fcc71a
-
SHA1
dc8a255ba93bc059934938ccbfd2b86a94110750
-
SHA256
05a6a53ee7e31e73c45a26110ba7b50c3aaa380cad2fa9ea887b1b8c1743ee3d
-
SHA512
92adeb7521a68f0249027198dff3b6899e786e997786ddb2dcdd733938a48863d73d1f7ec179ae928e7af3ce31f177efa8c96015aede0c552af13f0aff6a04ac
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
noname
C2
185.215.113.29:20819
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05a6a53ee7e31e73c45a26110ba7b50c3aaa380cad2fa9ea887b1b8c1743ee3d.exe"C:\Users\Admin\AppData\Local\Temp\05a6a53ee7e31e73c45a26110ba7b50c3aaa380cad2fa9ea887b1b8c1743ee3d.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3548-119-0x0000000000590000-0x00000000006DA000-memory.dmpFilesize
1.3MB
-
memory/3548-120-0x0000000000400000-0x0000000000465000-memory.dmpFilesize
404KB
-
memory/3548-121-0x0000000002200000-0x0000000002234000-memory.dmpFilesize
208KB
-
memory/3548-122-0x0000000004C50000-0x000000000514E000-memory.dmpFilesize
5.0MB
-
memory/3548-123-0x0000000002420000-0x0000000002452000-memory.dmpFilesize
200KB
-
memory/3548-125-0x0000000004C42000-0x0000000004C43000-memory.dmpFilesize
4KB
-
memory/3548-124-0x0000000004C40000-0x0000000004C41000-memory.dmpFilesize
4KB
-
memory/3548-126-0x0000000004C43000-0x0000000004C44000-memory.dmpFilesize
4KB
-
memory/3548-127-0x0000000005150000-0x0000000005756000-memory.dmpFilesize
6.0MB
-
memory/3548-128-0x0000000004AA0000-0x0000000004AB2000-memory.dmpFilesize
72KB
-
memory/3548-129-0x0000000004AD0000-0x0000000004BDA000-memory.dmpFilesize
1.0MB
-
memory/3548-130-0x0000000005760000-0x000000000579E000-memory.dmpFilesize
248KB
-
memory/3548-131-0x0000000004C44000-0x0000000004C46000-memory.dmpFilesize
8KB
-
memory/3548-132-0x00000000057A0000-0x00000000057EB000-memory.dmpFilesize
300KB
-
memory/3548-133-0x0000000005A30000-0x0000000005A96000-memory.dmpFilesize
408KB
-
memory/3548-134-0x00000000060F0000-0x0000000006166000-memory.dmpFilesize
472KB
-
memory/3548-135-0x0000000006170000-0x0000000006202000-memory.dmpFilesize
584KB
-
memory/3548-136-0x0000000006280000-0x000000000629E000-memory.dmpFilesize
120KB
-
memory/3548-137-0x00000000064B0000-0x0000000006672000-memory.dmpFilesize
1.8MB
-
memory/3548-138-0x0000000006680000-0x0000000006BAC000-memory.dmpFilesize
5.2MB