Overview

overview

10

Static

static

bc1f670af7...16.exe

windows7_x64

10

bc1f670af7...16.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc1f670af7d1a005020ea25d98fb851205760e374e3219c49f7a4cffc22aa916.exe

  • Size

    457KB

  • MD5

    c04bda20f977c6bbbd71aff8f1a02803

  • SHA1

    40064bf8f0385e558d151c032b876b080e21df72

  • SHA256

    bc1f670af7d1a005020ea25d98fb851205760e374e3219c49f7a4cffc22aa916

  • SHA512

    50a7d7165f456ea9963f83cda57795b5a8d6d041e8be4b1bd801f1b05e08e1cd0e99a71096186fce7e3d473c2c01c6285c6ae20f822d34c869b9ae1a201f5a3c

Score
10/10
redlineruzkikakoytodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ruzkiKAKOYTO

C2

185.215.113.29:20819

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc1f670af7d1a005020ea25d98fb851205760e374e3219c49f7a4cffc22aa916.exe
    "C:\Users\Admin\AppData\Local\Temp\bc1f670af7d1a005020ea25d98fb851205760e374e3219c49f7a4cffc22aa916.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1500

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1500-54-0x0000000000220000-0x000000000024B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1500-55-0x0000000000250000-0x0000000000289000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1500-56-0x0000000000400000-0x000000000047A000-memory.dmp
    Filesize

    488KB

    Download
  • memory/1500-57-0x0000000004991000-0x0000000004992000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1500-58-0x0000000001F40000-0x0000000001F74000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1500-59-0x0000000004992000-0x0000000004993000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1500-60-0x0000000004993000-0x0000000004994000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1500-61-0x0000000001F70000-0x0000000001FA2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1500-62-0x0000000074F01000-0x0000000074F03000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1500-63-0x0000000004994000-0x0000000004996000-memory.dmp
    Filesize

    8KB

    Download