Analysis
- Max time kernel: 33s
- Max time network: 43s
- Platform: windows7_x64
- Resource: win7-20220414-en
- Submitted: 20-05-2022 11:36
Static task: static1
Behavioral task: behavioral1
- Sample: setup/AISetup-Crack.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: setup/AISetup-Crack.exe
- Resource: win10v2004-20220414-en
Behavioral task: behavioral3
- Sample: setup/Pre-Activated-Setup.exe
- Resource: win7-20220414-en
General
- Target: setup/AISetup-Crack.exe
- Size: 2.4MB
- MD5: 632c411467cb6300f1386c563b138778
- SHA1: dc8f21dc53c8ef420cd417d2baf531567d9a21ce
- SHA256: d49afecb53d0779d6767571c6576d6c1a5529cb6470a0262971b7e00724a7c6a
- SHA512: 043e4d05d0e1b3283fac0a944842ec5ac23329ae110eefeb18c2af2d2682451e35a2950533bd2ffcf502dc2991efd2a15946a4fd281068e40cf969de1fbe0f66
Malware Config
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload (4 IoCs)
  Processes (resource: yara_rule):
  - behavioral1/memory/304-57-0x0000000000930000-0x0000000000B74000-memory.dmp: family_redline
  - behavioral1/memory/304-56-0x0000000000930000-0x0000000000B74000-memory.dmp: family_redline
  - behavioral1/memory/304-64-0x0000000000930000-0x0000000000B74000-memory.dmp: family_redline
  - behavioral1/memory/304-68-0x0000000000930000-0x0000000000B74000-memory.dmp: family_redline
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description / pid / process):
  - Token: SeDebugPrivilege / 304 / AISetup-Crack.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads