Analysis

  • max time kernel: 96s
  • max time network: 137s
  • platform: windows10-2004_x64
  • resource: win10v2004-20221111-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03-02-2023 09:41

General

  • Target: 8b2d4538271a90b78c2f8a7ffcf8b68297810b57091452333ffe69a02cffbaa0.exe
  • Size: 340KB
  • MD5: efd65f0443fa82b6dd3350a9847c0fef
  • SHA1: 21353747128599dda7fd50bbe1e5da015b8d7082
  • SHA256: 8b2d4538271a90b78c2f8a7ffcf8b68297810b57091452333ffe69a02cffbaa0
  • SHA512: 7e6d3af05619815f5cb3dd4b64de004a779ba88ac5c04365a8bbb1ca0728093663937da39b12639809338be2d0154f0717db57058dead2aebcd3caddef088225
  • SSDEEP: 6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

Malware Config

Extracted

  • Family: redline
  • Botnet: 24.01
  • C2: 37.220.86.164:29170
  • Attributes
    • auth_value: 1c7f0aa21138601b5201a3a4a0123991

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b2d4538271a90b78c2f8a7ffcf8b68297810b57091452333ffe69a02cffbaa0.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8b2d4538271a90b78c2f8a7ffcf8b68297810b57091452333ffe69a02cffbaa0.exe"
    PID: 4944
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

  | Address              | Process                                                                   | Bytes           | Packets    |
  |----------------------|---------------------------------------------------------------------------|-----------------|------------|
  | 40.126.32.76:443     |                                                                           | 260 B           | 5          |
  | 37.220.86.164:29170  | 8b2d4538271a90b78c2f8a7ffcf8b68297810b57091452333ffe69a02cffbaa0.exe      | 260 B           | 5          |
  | 93.184.221.240:80    |                                                                           | 322 B           | 7          |
  | 104.80.225.205:443   |                                                                           | 322 B           | 7          |
  | 37.220.86.164:29170  | 8b2d4538271a90b78c2f8a7ffcf8b68297810b57091452333ffe69a02cffbaa0.exe      | 3.6MB / 38.3kB  | 2630 / 757 |
  | 51.11.192.48:443     |                                                                           | 322 B           | 7          |
  | 93.184.221.240:80    |                                                                           | 322 B           | 7          |
  | 93.184.221.240:80    |                                                                           | 322 B           | 7          |
  | 93.184.221.240:80    |                                                                           | 322 B           | 7          |

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4944-132-0x0000000000750000-0x00000000007AA000-memory.dmp (Filesize: 360KB)
  • memory/4944-133-0x000000000AEB0000-0x000000000B4C8000-memory.dmp (Filesize: 6.1MB)
  • memory/4944-134-0x000000000A9A0000-0x000000000AAAA000-memory.dmp (Filesize: 1.0MB)
  • memory/4944-135-0x000000000A890000-0x000000000A8A2000-memory.dmp (Filesize: 72KB)
  • memory/4944-136-0x000000000A8F0000-0x000000000A92C000-memory.dmp (Filesize: 240KB)
  • memory/4944-137-0x000000000B670000-0x000000000B702000-memory.dmp (Filesize: 584KB)
  • memory/4944-138-0x000000000BCC0000-0x000000000C264000-memory.dmp (Filesize: 5.6MB)
  • memory/4944-139-0x000000000B5D0000-0x000000000B636000-memory.dmp (Filesize: 408KB)
  • memory/4944-140-0x000000000CD20000-0x000000000CD96000-memory.dmp (Filesize: 472KB)
  • memory/4944-141-0x000000000BC50000-0x000000000BCA0000-memory.dmp (Filesize: 320KB)
  • memory/4944-142-0x000000000CF70000-0x000000000D132000-memory.dmp (Filesize: 1.8MB)
  • memory/4944-143-0x000000000D670000-0x000000000DB9C000-memory.dmp (Filesize: 5.2MB)
