Overview

overview

10

Static

static

3

24465df7bf...49.exe

windows7-x64

10

24465df7bf...49.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24465df7bf72f7bfcb9196921289a9847a9d043b6169b03b229fea61b58b4949.exe

  • Size

    563KB

  • MD5

    ee7b0804a110765bd6bc40ca5f7ed6c2

  • SHA1

    957498c53385602e077e3b6d640f3c3ec2929ae3

  • SHA256

    24465df7bf72f7bfcb9196921289a9847a9d043b6169b03b229fea61b58b4949

  • SHA512

    36ebe2ced42db5be80879c2fadd6087533b60c316533fba794d2eeb92dc4c4f13fb5390c55efd794633a2825d32c2422990a53cc80252b419ce8bf5decea4bbc

  • SSDEEP

    12288:my90ihQhQcn2Kce3bGCxbb7iSTdIvbmZtecA4xYGFTPDQm5XdZ:myJQWcke7hG3vYoGqGB0mhdZ

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24465df7bf72f7bfcb9196921289a9847a9d043b6169b03b229fea61b58b4949.exe
    "C:\Users\Admin\AppData\Local\Temp\24465df7bf72f7bfcb9196921289a9847a9d043b6169b03b229fea61b58b4949.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st777454.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st777454.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\46959834.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\46959834.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1892
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp513128.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp513128.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4512

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st777454.exe
    Filesize

    409KB

    MD5

    2c1cfd61d9473836e3c82e9cc605a33d

    SHA1

    09aacd52650695c664f67b78435f846164fb15f4

    SHA256

    8d52c0a02610beed6b275a752d126f34776c8fefeb050f6d94557bbd51e80f36

    SHA512

    caf80d80b6620acd853ad3b6855e7b4d3988a94650523ccc031cfdfabfa708c5b11500160d7c09e08a3af4131f34242882ea9a17aa149d8245c27ce247d1010f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st777454.exe
    Filesize

    409KB

    MD5

    2c1cfd61d9473836e3c82e9cc605a33d

    SHA1

    09aacd52650695c664f67b78435f846164fb15f4

    SHA256

    8d52c0a02610beed6b275a752d126f34776c8fefeb050f6d94557bbd51e80f36

    SHA512

    caf80d80b6620acd853ad3b6855e7b4d3988a94650523ccc031cfdfabfa708c5b11500160d7c09e08a3af4131f34242882ea9a17aa149d8245c27ce247d1010f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\46959834.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\46959834.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp513128.exe
    Filesize

    353KB

    MD5

    1559cf7a8a2959c21cdb502527851dc0

    SHA1

    b25878d0e8ee8485d07aafc43dd44f49e4897594

    SHA256

    0527b8f08a8bf4a43a818dccc0587265c04de3989fa463cf075b626c73952151

    SHA512

    31f7dd7d98e3399eedd5b6cad08a7c00c2f84742e4a397b56b88c139610d709a27450867d3220ee8788f51be06ffa1c1def66ccd4802a0b25aa33bb5d9b3cf2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp513128.exe
    Filesize

    353KB

    MD5

    1559cf7a8a2959c21cdb502527851dc0

    SHA1

    b25878d0e8ee8485d07aafc43dd44f49e4897594

    SHA256

    0527b8f08a8bf4a43a818dccc0587265c04de3989fa463cf075b626c73952151

    SHA512

    31f7dd7d98e3399eedd5b6cad08a7c00c2f84742e4a397b56b88c139610d709a27450867d3220ee8788f51be06ffa1c1def66ccd4802a0b25aa33bb5d9b3cf2f

    Download Submit

  • memory/1892-150-0x0000000000180000-0x000000000018A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4512-156-0x0000000002CD0000-0x0000000002D16000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4512-157-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-158-0x00000000073A0000-0x0000000007944000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4512-159-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-160-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-162-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-164-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-166-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-168-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-170-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-172-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-174-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-176-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-178-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-180-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-183-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-185-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-182-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-186-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-188-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-190-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-192-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-194-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-196-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-198-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-200-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-202-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-204-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-206-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-208-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-210-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-212-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-214-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-216-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-218-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-220-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-222-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-224-0x00000000072A0000-0x00000000072D5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4512-953-0x0000000009DD0000-0x000000000A3E8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4512-954-0x000000000A450000-0x000000000A462000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4512-955-0x000000000A470000-0x000000000A57A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4512-956-0x000000000A590000-0x000000000A5CC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4512-957-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-959-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-960-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-961-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4512-962-0x0000000007390000-0x00000000073A0000-memory.dmp

    Filesize

    64KB

    Download