Overview

overview

10

Static

static

10

Redline St....2.exe

windows10-1703-x64

10

Redline St...ck.exe

windows10-1703-x64

10

Redline St...db.dll

windows10-1703-x64

1

Redline St...db.dll

windows10-1703-x64

1

Redline St...ks.dll

windows10-1703-x64

1

Redline St...il.dll

windows10-1703-x64

1

Redline St...ub.exe

windows10-1703-x64

10

Redline St...st.exe

windows10-1703-x64

10

Redline St...CF.dll

windows10-1703-x64

1

Redline St....2.exe

windows10-1703-x64

10

Redline St...er.exe

windows10-1703-x64

10

Redline St....2.exe

windows10-1703-x64

10

Redline St...xe.xml

windows10-1703-x64

1

Redline St...ck.exe

windows10-1703-x64

10

Redline St...).docx

windows10-1703-x64

1

Redline St...).docx

windows10-1703-x64

1

Redline St....2.exe

windows10-1703-x64

10

Redline St...el.exe

windows10-1703-x64

10

Redline St....2.exe

windows10-1703-x64

10

Redline St...ck.exe

windows10-1703-x64

10

Redline St...me.exe

windows10-1703-x64

8

Redline St...48.exe

windows10-1703-x64

7

Redline St...ar.exe

windows10-1703-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-04-2023 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/Kurome.Loader.exe.xml

  • Size

    186B

  • MD5

    9070d769fd43fb9def7e9954fba4c033

  • SHA1

    de4699cdf9ad03aef060470c856f44d3faa7ea7f

  • SHA256

    cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b

  • SHA512

    170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Loader\Kurome.Loader.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Loader\Kurome.Loader.exe.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4404

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    d6b67afeb31f0d9bfe232166e8b300c5

    SHA1

    6ba1a534d40fea9302591aaee8fb6969bfa28e4b

    SHA256

    ab4f8d3ad2a02ad67059703fcb9c7ecd397d9abfce4b4cacdf7ecc11b4e37520

    SHA512

    62c9fc6797c263bf33c8f52d5d41ce276b3df2aaed6433d582987a607ae508f5389f86d5d8a63cc5715964623f5be08d5741ddd70a0fe18f0140eb314815c272

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    beeaef03310738182cabde5fe4938b82

    SHA1

    f3767def70da4f72f1069a817a27d7128b092d21

    SHA256

    c8a375dd23afa187bbc9085c7a462611f9f05ddecdaa01ea406d4f5025e6e4fe

    SHA512

    70af918c92755615e93ecfcd791f5397160442f214a4e0b80c4427508e9cac90cdf23c1eb85a023616452a1c91bdb77c0a27add148eab4b95486e3f3badfd099

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTLFUYWG\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MBM27CN7.cookie
    Filesize

    613B

    MD5

    0986860dff0286980c1e2c20aa0d802b

    SHA1

    4f5b59e4f3b140e02fa7aa734751bc2a52b7be20

    SHA256

    b0f844591bea03ef41b6340fed8e0b08ffdf974219f34d142b24f61297410bd4

    SHA512

    a3d1c5519c150e0aeecda26290fb4f7bfce36a906f555f4fa98b13aae09cd8a924ca57bc96ea224e0b3d4c44c0739eb32fab5a4fcd4be18a3bab4439a5f3ad19

    Download Submit
  • memory/2436-121-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-122-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-123-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-124-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-125-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-126-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-127-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2436-128-0x00007FFF5C380000-0x00007FFF5C390000-memory.dmp
    Filesize

    64KB

    Download