Analysis
-
max time kernel
54s -
max time network
146s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
09-05-2022 12:21
General
-
Target
6ee65af153d624d3f3918bbd303e9f0766a802db350f403e2c3649b0c5a4f0c4.exe
-
Size
368KB
-
MD5
7eaf0defe753fd3a2b5b0961b65968f6
-
SHA1
8f3e1ece3aeda2c916ac50dc4a894bb67a2f06c6
-
SHA256
6ee65af153d624d3f3918bbd303e9f0766a802db350f403e2c3649b0c5a4f0c4
-
SHA512
1eebedf9b11431eec60ce23760c3157dac89d9f819010141aea4bab11bd1154cc97b37469cfd8dea8314756827b236ff965ff5ad39a299954688acabf4b56b87
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
50n
C2
193.106.191.190:23196
Attributes
-
auth_value
d61a9ba1568b3b8e34c959aa0f254969
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6ee65af153d624d3f3918bbd303e9f0766a802db350f403e2c3649b0c5a4f0c4.exe"C:\Users\Admin\AppData\Local\Temp\6ee65af153d624d3f3918bbd303e9f0766a802db350f403e2c3649b0c5a4f0c4.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2472-117-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-118-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-119-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-120-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-121-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-122-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-123-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-124-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-125-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-126-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-127-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-128-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-129-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-130-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-132-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-133-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-134-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-135-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-136-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-138-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-137-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-139-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-140-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-141-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-142-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-143-0x0000000000550000-0x000000000069A000-memory.dmpFilesize
1.3MB
-
memory/2472-144-0x00000000004F0000-0x0000000000527000-memory.dmpFilesize
220KB
-
memory/2472-145-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-146-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-147-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-148-0x0000000000400000-0x000000000049E000-memory.dmpFilesize
632KB
-
memory/2472-149-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-150-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-151-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-152-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-153-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-154-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-155-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-156-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-157-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-158-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-159-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-160-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-161-0x00000000023A0000-0x00000000023D0000-memory.dmpFilesize
192KB
-
memory/2472-162-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-163-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-164-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-165-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-166-0x0000000004C00000-0x00000000050FE000-memory.dmpFilesize
5.0MB
-
memory/2472-167-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-168-0x00000000024A0000-0x00000000024CE000-memory.dmpFilesize
184KB
-
memory/2472-169-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-170-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-171-0x0000000005710000-0x0000000005D16000-memory.dmpFilesize
6.0MB
-
memory/2472-172-0x0000000004AC0000-0x0000000004AD2000-memory.dmpFilesize
72KB
-
memory/2472-173-0x0000000005100000-0x000000000520A000-memory.dmpFilesize
1.0MB
-
memory/2472-174-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-175-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-176-0x0000000004AF0000-0x0000000004B2E000-memory.dmpFilesize
248KB
-
memory/2472-177-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-178-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-179-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-180-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-181-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-182-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-183-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-184-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-185-0x0000000004B80000-0x0000000004BCB000-memory.dmpFilesize
300KB
-
memory/2472-186-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-187-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-188-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-189-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-190-0x0000000005430000-0x0000000005496000-memory.dmpFilesize
408KB
-
memory/2472-191-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-192-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-193-0x0000000076F40000-0x00000000770CE000-memory.dmpFilesize
1.6MB
-
memory/2472-198-0x00000000060E0000-0x0000000006156000-memory.dmpFilesize
472KB
-
memory/2472-199-0x0000000006180000-0x0000000006212000-memory.dmpFilesize
584KB
-
memory/2472-202-0x00000000063B0000-0x00000000063CE000-memory.dmpFilesize
120KB
-
memory/2472-203-0x00000000065C0000-0x0000000006782000-memory.dmpFilesize
1.8MB
-
memory/2472-204-0x0000000006790000-0x0000000006CBC000-memory.dmpFilesize
5.2MB