Overview

overview

10

Static

static

3

9ce4574e9a...ab.exe

windows7-x64

10

9ce4574e9a...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2023, 18:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ce4574e9ae6006efe4680835041cae023030a713a26012d96080a7500c6efab.exe

  • Size

    618KB

  • MD5

    c60401df68c5cf954bee44d163328b81

  • SHA1

    5576a174ab2bd07ba9f0bb700066fb03b7f66b19

  • SHA256

    9ce4574e9ae6006efe4680835041cae023030a713a26012d96080a7500c6efab

  • SHA512

    5274cf4ba857fdc8a1255c7a17038f5cc98f0fa920d54d0166152679d99669872eae6d494b0b03b70654f1394b82c53ca349bb4a637801f35f2a73e7dda5a34b

  • SSDEEP

    12288:iy908XhvpYIP8bwNtFKZTKImkaAIdezohF51V:iy7xRpgwNTKZTKiaDDhFzV

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ce4574e9ae6006efe4680835041cae023030a713a26012d96080a7500c6efab.exe
    "C:\Users\Admin\AppData\Local\Temp\9ce4574e9ae6006efe4680835041cae023030a713a26012d96080a7500c6efab.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st765991.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st765991.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1880
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\73089242.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\73089242.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4520
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234658.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234658.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:380

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st765991.exe
    Filesize

    463KB

    MD5

    d2e89d9f3c4a35cb4bd1fef7ed799193

    SHA1

    ffe6050de372c651c831e44dc83ef5f159237eda

    SHA256

    6cbcfb355ef21e7bd1b43d51d17a8dfe9160ae1e59af081272641d0f313033aa

    SHA512

    5bde03322889676088e1dfc7af133d046cc3e9e287594769cde6734aa447861d735b69d1d329cac159edd78805c0ca4901a6410202ceca58dd501c6537a36179

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st765991.exe
    Filesize

    463KB

    MD5

    d2e89d9f3c4a35cb4bd1fef7ed799193

    SHA1

    ffe6050de372c651c831e44dc83ef5f159237eda

    SHA256

    6cbcfb355ef21e7bd1b43d51d17a8dfe9160ae1e59af081272641d0f313033aa

    SHA512

    5bde03322889676088e1dfc7af133d046cc3e9e287594769cde6734aa447861d735b69d1d329cac159edd78805c0ca4901a6410202ceca58dd501c6537a36179

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\73089242.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\73089242.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234658.exe
    Filesize

    473KB

    MD5

    e495c5b12886065a3e33095af21184a4

    SHA1

    ec5989e2429736b2539f62a299ea0e1a9ef46091

    SHA256

    c81848c12da1e08b9d7a477e76956b3daeb091ecf10e57d4d4ac755477837821

    SHA512

    6aa3d343c441c3e5dc8a81ad40b36d26c2f017c647d4f8efbc8374b9989627c6893eb508aa4de4eef2e1b37ec9ab0fcdb61dd182800797b0ccd7eab36d339837

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234658.exe
    Filesize

    473KB

    MD5

    e495c5b12886065a3e33095af21184a4

    SHA1

    ec5989e2429736b2539f62a299ea0e1a9ef46091

    SHA256

    c81848c12da1e08b9d7a477e76956b3daeb091ecf10e57d4d4ac755477837821

    SHA512

    6aa3d343c441c3e5dc8a81ad40b36d26c2f017c647d4f8efbc8374b9989627c6893eb508aa4de4eef2e1b37ec9ab0fcdb61dd182800797b0ccd7eab36d339837

    Download Submit

  • memory/380-153-0x00000000008D0000-0x0000000000916000-memory.dmp

    Filesize

    280KB

    Download

  • memory/380-154-0x0000000005060000-0x0000000005604000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/380-155-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-156-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-157-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-158-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-159-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-161-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-163-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-165-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-167-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-169-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-171-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-173-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-175-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-177-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-179-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-181-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-183-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-185-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-187-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-189-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-191-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-193-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-195-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-197-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-199-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-201-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-203-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-205-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-207-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-209-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-211-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-215-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-213-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-217-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-221-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-219-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/380-950-0x0000000007990000-0x0000000007FA8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/380-951-0x0000000002CC0000-0x0000000002CD2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/380-952-0x0000000007FB0000-0x00000000080BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/380-953-0x00000000080C0000-0x00000000080FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/380-954-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-956-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-957-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-958-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/380-959-0x0000000002CF0000-0x0000000002D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4520-147-0x0000000000BB0000-0x0000000000BBA000-memory.dmp

    Filesize

    40KB

    Download