Analysis
-
max time kernel
51s -
max time network
71s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
09-05-2022 15:31
General
-
Target
7941679c0a795bf34dc1c2020b78cffc72d9245efbf25be796ff8cc5ad4715aa.exe
-
Size
368KB
-
MD5
f740211150fd78907ad8c364e550248b
-
SHA1
b159dd4a7f266de0fde7ffac0ca4339a8193e0bd
-
SHA256
7941679c0a795bf34dc1c2020b78cffc72d9245efbf25be796ff8cc5ad4715aa
-
SHA512
4b95ee64d586655f2bb9329f3f33d9d8d0f25cc6a7f601cd79f44d7ca90c75f1d9c34e040a24729d495c42c1f39f2fb3b95336fa4d21698e82d7c48c9321b4b1
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
50n
C2
193.106.191.190:23196
Attributes
-
auth_value
d61a9ba1568b3b8e34c959aa0f254969
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7941679c0a795bf34dc1c2020b78cffc72d9245efbf25be796ff8cc5ad4715aa.exe"C:\Users\Admin\AppData\Local\Temp\7941679c0a795bf34dc1c2020b78cffc72d9245efbf25be796ff8cc5ad4715aa.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2424-118-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-119-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-120-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-121-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-122-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-123-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-124-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-125-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-127-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-126-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-128-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-129-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-130-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-131-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-132-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-133-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-134-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-135-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-136-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-137-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-138-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-139-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-140-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-141-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-142-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-143-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-145-0x0000000000813000-0x000000000083D000-memory.dmpFilesize
168KB
-
memory/2424-144-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-147-0x0000000000400000-0x000000000049E000-memory.dmpFilesize
632KB
-
memory/2424-148-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-146-0x0000000000A90000-0x0000000000AC7000-memory.dmpFilesize
220KB
-
memory/2424-149-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-150-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-151-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-152-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-153-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-154-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-155-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-156-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-157-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-158-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-159-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-160-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-161-0x0000000002620000-0x0000000002650000-memory.dmpFilesize
192KB
-
memory/2424-162-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-163-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-164-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-165-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-166-0x0000000004C30000-0x000000000512E000-memory.dmpFilesize
5.0MB
-
memory/2424-167-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-168-0x0000000004B30000-0x0000000004B5E000-memory.dmpFilesize
184KB
-
memory/2424-169-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-170-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-171-0x0000000005130000-0x0000000005736000-memory.dmpFilesize
6.0MB
-
memory/2424-172-0x0000000004C00000-0x0000000004C12000-memory.dmpFilesize
72KB
-
memory/2424-173-0x0000000005750000-0x000000000585A000-memory.dmpFilesize
1.0MB
-
memory/2424-174-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-175-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-176-0x0000000005860000-0x000000000589E000-memory.dmpFilesize
248KB
-
memory/2424-177-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-178-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-179-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-180-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-181-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-182-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-183-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-184-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-185-0x00000000058F0000-0x000000000593B000-memory.dmpFilesize
300KB
-
memory/2424-186-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-187-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-188-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-189-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-190-0x0000000005B80000-0x0000000005BE6000-memory.dmpFilesize
408KB
-
memory/2424-191-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-192-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-193-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/2424-198-0x0000000006230000-0x00000000062A6000-memory.dmpFilesize
472KB
-
memory/2424-199-0x00000000062E0000-0x0000000006372000-memory.dmpFilesize
584KB
-
memory/2424-202-0x00000000064E0000-0x00000000064FE000-memory.dmpFilesize
120KB
-
memory/2424-203-0x0000000006700000-0x00000000068C2000-memory.dmpFilesize
1.8MB
-
memory/2424-204-0x00000000068D0000-0x0000000006DFC000-memory.dmpFilesize
5.2MB