Overview

overview

10

Static

static

1

0bc3bf3d57...e2.exe

windows7-x64

10

0bc3bf3d57...e2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22-03-2023 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe

  • Size

    313KB

  • MD5

    f766e02da046dcd0b34eed69e2c68182

  • SHA1

    b37a62cc2e299e204f64a741a532685bfd42289f

  • SHA256

    0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2

  • SHA512

    2a88b490526c09abc76ea28cb5e81733a5afb1571783e38c36595bd48b45350f2f70dceacee65c03e880d43a6e544e36b499cf9aa47b96baa7861b7eff0ae3db

  • SSDEEP

    6144:Q+kiHuUvh9Qfpe08PcowUm6GQhT+hF96JRTTfmCtdS8tpqj:Q+kiHxzQfpN8sUmVQohF4JxNdSm0j

Score
10/10
redlinedozkdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 36 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe
    "C:\Users\Admin\AppData\Local\Temp\0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2008

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2008-55-0x0000000002220000-0x000000000227A000-memory.dmp
    Filesize

    360KB

    Download
  • memory/2008-56-0x00000000022F0000-0x0000000002348000-memory.dmp
    Filesize

    352KB

    Download
  • memory/2008-57-0x0000000000220000-0x0000000000282000-memory.dmp
    Filesize

    392KB

    Download
  • memory/2008-58-0x0000000004AA0000-0x0000000004AE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2008-59-0x0000000004AA0000-0x0000000004AE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2008-60-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-61-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-65-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-67-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-69-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-73-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-75-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-77-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-79-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-81-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-83-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-85-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-87-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-89-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-91-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-93-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-95-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-97-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-99-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-101-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-103-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-107-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-109-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-111-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-113-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-117-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-119-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-121-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-123-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-115-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-105-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-71-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-63-0x00000000022F0000-0x0000000002342000-memory.dmp
    Filesize

    328KB

    Download
  • memory/2008-850-0x0000000004AA0000-0x0000000004AE0000-memory.dmp
    Filesize

    256KB

    Download