Overview

overview

10

Static

static

3

43940d0d2d...c8.exe

windows7-x64

10

43940d0d2d...c8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 21:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8.exe

  • Size

    618KB

  • MD5

    b30e0a4785cec3b257c3a9612a1dbfd8

  • SHA1

    59d57ccb332c15293935f06e4988a99155d87560

  • SHA256

    43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8

  • SHA512

    b34dd92e1cede2324cd605a2178af853ac67994944f0e0c86a11f200a2afdfa57b1300409ae780c0b869dd4059b24d23e11746ff33258f91a5e20187ae9bc17c

  • SSDEEP

    12288:My90XcOTvSjqiiF0gufvR5ebrBimueRcclNPiYtn3hWREeMKJzk4:MymcEvSiF0g3WOrt0RLJI4

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8.exe
    "C:\Users\Admin\AppData\Local\Temp\43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st216657.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st216657.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4696
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\76010441.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\76010441.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4656
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234826.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234826.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4052

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st216657.exe
          Filesize

          464KB

          MD5

          dead5e30314c5db6b9e2b6471617c204

          SHA1

          9fd5d83c5136f04dad8e93cf47386c2130855488

          SHA256

          3ac090c6cdaef8653394314ee84df3dfc3bce3fdf8728b6dc04c8e1daf42cf94

          SHA512

          f8256abd5a6f36fda2c1ff796ae5554ba765d322ffd81e4d1c5765819e7303db038749cbc8904536a5fa9a47f7565fd99ec4beba9efed8e191060282d1d74840

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st216657.exe
          Filesize

          464KB

          MD5

          dead5e30314c5db6b9e2b6471617c204

          SHA1

          9fd5d83c5136f04dad8e93cf47386c2130855488

          SHA256

          3ac090c6cdaef8653394314ee84df3dfc3bce3fdf8728b6dc04c8e1daf42cf94

          SHA512

          f8256abd5a6f36fda2c1ff796ae5554ba765d322ffd81e4d1c5765819e7303db038749cbc8904536a5fa9a47f7565fd99ec4beba9efed8e191060282d1d74840

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\76010441.exe
          Filesize

          11KB

          MD5

          7e93bacbbc33e6652e147e7fe07572a0

          SHA1

          421a7167da01c8da4dc4d5234ca3dd84e319e762

          SHA256

          850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

          SHA512

          250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\76010441.exe
          Filesize

          11KB

          MD5

          7e93bacbbc33e6652e147e7fe07572a0

          SHA1

          421a7167da01c8da4dc4d5234ca3dd84e319e762

          SHA256

          850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

          SHA512

          250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234826.exe
          Filesize

          478KB

          MD5

          6f9be4dab4c81bd6c343cd714f048f0a

          SHA1

          c1b8f6c68f3e4c07d436ccca5bb76f2c1845f276

          SHA256

          ad267cd6a90902f0d2bfd5b3335d7d94ebf65bfa5b3a394296ba2be84aea50c5

          SHA512

          4a351bde63028ed393f0d7e5161d1b146d1f99d7ba44a5b31c2c3f349bfe7153d591e14ba525698e9837adbec4d5859a5f0fc0d4770c2d63f2edc8278e73e82c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp234826.exe
          Filesize

          478KB

          MD5

          6f9be4dab4c81bd6c343cd714f048f0a

          SHA1

          c1b8f6c68f3e4c07d436ccca5bb76f2c1845f276

          SHA256

          ad267cd6a90902f0d2bfd5b3335d7d94ebf65bfa5b3a394296ba2be84aea50c5

          SHA512

          4a351bde63028ed393f0d7e5161d1b146d1f99d7ba44a5b31c2c3f349bfe7153d591e14ba525698e9837adbec4d5859a5f0fc0d4770c2d63f2edc8278e73e82c

          Download Submit

        • memory/4052-153-0x0000000004E10000-0x00000000053B4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4052-154-0x0000000000BC0000-0x0000000000C06000-memory.dmp

          Filesize

          280KB

          Download

        • memory/4052-155-0x0000000004E00000-0x0000000004E10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4052-156-0x0000000004E00000-0x0000000004E10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4052-157-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-158-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-160-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-162-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-164-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-166-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-168-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-170-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-172-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-174-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-176-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-178-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-180-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-182-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-184-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-186-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-188-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-190-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-192-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-194-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-196-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-198-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-200-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-202-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-204-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-206-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-208-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-210-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-212-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-214-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-216-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-218-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-220-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/4052-949-0x00000000078B0000-0x0000000007EC8000-memory.dmp

          Filesize

          6.1MB

          Download

        • memory/4052-950-0x0000000007F70000-0x0000000007F82000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4052-951-0x0000000007F90000-0x000000000809A000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4052-952-0x0000000004E00000-0x0000000004E10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4052-953-0x00000000080B0000-0x00000000080EC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4052-955-0x0000000004E00000-0x0000000004E10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4052-956-0x0000000004E00000-0x0000000004E10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4052-957-0x0000000004E00000-0x0000000004E10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4656-147-0x0000000000520000-0x000000000052A000-memory.dmp

          Filesize

          40KB

          Download