Malware Analysis Report

2024-08-06 08:49

Sample ID 230131-ccc53afh8x
Target RedLine_Free.exe
SHA256 b044c2299a0e72d2a3fec0529f9a31ea79eb5cc1754f86be440a5e57d673d687
Tags elysiumstealer stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b044c2299a0e72d2a3fec0529f9a31ea79eb5cc1754f86be440a5e57d673d687

Threat Level: Known bad

The file RedLine_Free.exe was found to be: Known bad.

Malicious Activity Summary

elysiumstealer stealer

ElysiumStealer

ElysiumStealer Support DLL

Loads dropped DLL

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-01-31 01:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-31 01:55

Reported

2023-01-31 01:58

Platform

win7-20220901-en

Max time kernel

45s

Max time network

49s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe"

Signatures

ElysiumStealer

stealer elysiumstealer

ElysiumStealer Support DLL

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped DLL

Description  Indicator  Process                                             Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe

"C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe"

Network

N/A

Files

memory/944-54-0x0000000000B90000-0x0000000000DCA000-memory.dmp

memory/944-55-0x00000000004F0000-0x00000000004FC000-memory.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/944-57-0x00000000063C0000-0x0000000006796000-memory.dmp

memory/944-58-0x0000000004A35000-0x0000000004A46000-memory.dmp

memory/944-59-0x0000000004A35000-0x0000000004A46000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-31 01:55

Reported

2023-01-31 01:56

Platform

win10v2004-20220812-en

Max time kernel

34s

Max time network

38s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe"

Signatures

ElysiumStealer

stealer elysiumstealer

ElysiumStealer Support DLL

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Loads dropped DLL

Description  Indicator  Process                                             Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe  N/A

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                             Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe

"C:\Users\Admin\AppData\Local\Temp\RedLine_Free.exe"

Network

Country  Destination        Domain  Proto
N/A      93.184.221.240:80          tcp
N/A      93.184.221.240:80          tcp

Files

memory/868-132-0x0000000000DA0000-0x0000000000FDA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/868-134-0x0000000007210000-0x00000000077B4000-memory.dmp

memory/868-135-0x0000000006D00000-0x0000000006D92000-memory.dmp

memory/868-136-0x0000000006CA0000-0x0000000006CAA000-memory.dmp

memory/868-137-0x000000000C380000-0x000000000C41C000-memory.dmp