Overview

overview

10

Static

static

1

931550f644...29.exe

windows7-x64

10

931550f644...29.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2023 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29.exe

  • Size

    380KB

  • MD5

    6ac746b33d45f3a5389023fa3aa38a40

  • SHA1

    ed149f7728ffb1cfaa6b9884522647dad1dd261b

  • SHA256

    931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29

  • SHA512

    dff49074f5b26182060eaecf257189a2c4cfca37295f4150fde8a3465ebcb58283cb1f768a0f6793668deaa1e9bd66bfeaf9a926ae85771f10739fbe850d0093

  • SSDEEP

    6144:qRnxyU+DIM5nSAy6YbWYYo4zsxDOdu6Q0KgT8S/ANN4T:qRnxt+Ddt49tvOrlT2N

Score
10/10
redline@chicagodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@chicago

C2

185.11.61.125:22344

Attributes
  • auth_value

    21f863e0cbd09d0681058e068d0d1d7f

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 36 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29.exe
    "C:\Users\Admin\AppData\Local\Temp\931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2036-55-0x00000000049C0000-0x0000000004A1A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2036-56-0x0000000000360000-0x00000000003C2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2036-57-0x00000000070E0000-0x0000000007120000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2036-58-0x0000000004A20000-0x0000000004A78000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2036-59-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-60-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-62-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-64-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-66-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-68-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-70-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-74-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-72-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-76-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-78-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-82-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-84-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-80-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-88-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-86-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-90-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-94-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-92-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-96-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-98-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-102-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-100-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-104-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-106-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-108-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-112-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-114-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-110-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-118-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-116-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-122-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-120-0x0000000004A20000-0x0000000004A72000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2036-849-0x00000000070E0000-0x0000000007120000-memory.dmp

    Filesize

    256KB

    Download