Overview

overview

10

Static

static

SecuriteIn...02.exe

windows7_x64

10

SecuriteIn...02.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294196s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    08-03-2022 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe

  • Size

    1.1MB

  • MD5

    1cb79dd340381e83c85a178c8a921b36

  • SHA1

    3e8be81d4217a38a325058666395dcb32b122474

  • SHA256

    6087cbea917f0062401149be475a2d9440d00ce2a962d3be3b16f26264729233

  • SHA512

    f0425436b7df637bb9b886ea6759c3b225f1368a10dbdc890b3fc6ee5b3e5472f0d7da56bcf037d709c5d1ccbfdf516a18bde975f3f9165e278c89b5ac3a3766

Score
10/10
redlinebildinfostealer

Malware Config

Extracted

Family

redline

Botnet

bild

C2

95.216.21.217:19597

Attributes
  • auth_value

    6a86304a315cc6a978ccb33feb915de5

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 5 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Steam.26450.29302.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1928-54-0x00000000757C1000-0x00000000757C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1928-55-0x0000000074990000-0x00000000749DA000-memory.dmp
    Filesize

    296KB

    Download
  • memory/1928-56-0x0000000000250000-0x0000000000296000-memory.dmp
    Filesize

    280KB

    Download
  • memory/1928-57-0x00000000013A0000-0x00000000014DA000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1928-58-0x00000000013A0000-0x00000000014DA000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1928-59-0x00000000000C0000-0x00000000000C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1928-61-0x0000000075120000-0x00000000751CC000-memory.dmp
    Filesize

    688KB

    Download
  • memory/1928-62-0x0000000075770000-0x00000000757B7000-memory.dmp
    Filesize

    284KB

    Download
  • memory/1928-63-0x00000000751E0000-0x0000000075237000-memory.dmp
    Filesize

    348KB

    Download
  • memory/1928-65-0x0000000076BC0000-0x0000000076D1C000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1928-66-0x00000000013A0000-0x00000000014DA000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1928-67-0x00000000764A0000-0x000000007652F000-memory.dmp
    Filesize

    572KB

    Download
  • memory/1928-70-0x00000000013A0000-0x00000000014DA000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1928-71-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1928-69-0x00000000013A0000-0x00000000014DA000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1928-72-0x0000000075770000-0x00000000757B7000-memory.dmp
    Filesize

    284KB

    Download
  • memory/1928-73-0x0000000073F60000-0x000000007464E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1928-74-0x00000000757C0000-0x000000007640A000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/1928-75-0x000000006CE40000-0x000000006CE57000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1928-76-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1928-77-0x0000000076590000-0x00000000765C5000-memory.dmp
    Filesize

    212KB

    Download