Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220331-en -
submitted
12-04-2022 13:22
General
-
Target
9cf3483969457f0b6046eae0f281c43c.exe
-
Size
367KB
-
MD5
9cf3483969457f0b6046eae0f281c43c
-
SHA1
d647a4762c742799453dc40e2e2b81c350875e34
-
SHA256
4c3622798c473202ef6f648c098cb71d1bd6b35c98ce36ebe525299f6599124b
-
SHA512
7b2a2213b935b305178c5beda1d2367cd8a8207dccd6ee9ed119f15147827b8587e03fc633a241031b36fbf93eca786c6f1ab77e90703465f60fbd5f4a4e4746
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
50
C2
193.106.191.153:23196
Attributes
-
auth_value
8735fcb130c82dd9d353478678d60bde
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9cf3483969457f0b6046eae0f281c43c.exe"C:\Users\Admin\AppData\Local\Temp\9cf3483969457f0b6046eae0f281c43c.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
-
Filesize
192KB
-
Filesize
184KB
-
Filesize
220KB
-
Filesize
168KB
-
Filesize
528KB
-
Filesize
8KB