Overview

overview

10

Static

static

10

l9941426.exe

windows7-x64

10

l9941426.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    l9941426.exe

  • Size

    168KB

  • MD5

    8877a8fe69cbb52183c22ab577b71287

  • SHA1

    b315018ee73e946468733f44afd2a5b1e20d5d3d

  • SHA256

    cada58145e87ad1df4ef09c9a927343f6bc0e0cc72429146f57d529b7678a72e

  • SHA512

    28195c36e4a58a595ebbe2e6cf2262734380f4a44973cde4d1319264acb2c69c3fe710adb190fc76a87595cbcfce871a4fffcc785bf04385b58fdda672acefc3

  • SSDEEP

    1536:ifWUYxyGqlVZRGWFxDrkNla5RKDecm+sVsa+ZTGqVIbuSN5IDoVayvp83wYkB8e/:fwBN5fp+dLoqV4lIkVayvpr8e8hi

Score
10/10
redlinedeasediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dease

C2

217.196.96.101:4132

Attributes
  • auth_value

    82e4d5f9abc21848e0345118814a4e6c

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\l9941426.exe
    "C:\Users\Admin\AppData\Local\Temp\l9941426.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2028-54-0x0000000000C10000-0x0000000000C3E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2028-55-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2028-56-0x0000000000310000-0x0000000000350000-memory.dmp

    Filesize

    256KB

    Download