Overview

overview

10

Static

static

1

a0eb22ecb0...16.exe

windows7-x64

10

a0eb22ecb0...16.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/02/2023, 10:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a0eb22ecb0d5658c82d19d67df932896149bc9a5156f11e1605612ffd373d516.exe

  • Size

    388KB

  • MD5

    afe8f71beee2e5678e9edd11bf33a61b

  • SHA1

    efef6dba6cd8a3dfed3585f955bfb0666ef6df65

  • SHA256

    a0eb22ecb0d5658c82d19d67df932896149bc9a5156f11e1605612ffd373d516

  • SHA512

    26233fb56f702b4d997d972f65748b0c0426f14b5204d57c7a0944fae3f4132806e17994de9b27c61eb7282ccbff28a5bf79e6b64f0c86cbf1af7afe290ee4d4

  • SSDEEP

    6144:z8ZTwp5L0yutewDIWaL3q0x74dDmhjn/3HwHVu7LkoeGQRYF:AZTko9tfi3hz/3woA

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0eb22ecb0d5658c82d19d67df932896149bc9a5156f11e1605612ffd373d516.exe
    "C:\Users\Admin\AppData\Local\Temp\a0eb22ecb0d5658c82d19d67df932896149bc9a5156f11e1605612ffd373d516.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:856

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/856-55-0x0000000000760000-0x00000000007C2000-memory.dmp

          Filesize

          392KB

          Download

        • memory/856-54-0x000000000096B000-0x0000000000999000-memory.dmp

          Filesize

          184KB

          Download

        • memory/856-56-0x0000000000400000-0x00000000004E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/856-57-0x00000000047D0000-0x000000000482A000-memory.dmp

          Filesize

          360KB

          Download

        • memory/856-58-0x0000000004830000-0x0000000004888000-memory.dmp

          Filesize

          352KB

          Download

        • memory/856-59-0x0000000076151000-0x0000000076153000-memory.dmp

          Filesize

          8KB

          Download

        • memory/856-60-0x000000000096B000-0x0000000000999000-memory.dmp

          Filesize

          184KB

          Download

        • memory/856-61-0x0000000000400000-0x00000000004E3000-memory.dmp

          Filesize

          908KB

          Download