Overview

overview

10

Static

static

10

0x00060000...88.exe

windows7-x64

10

0x00060000...88.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    11-05-2023 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000600000002313e-188.exe

  • Size

    168KB

  • MD5

    ed157b317eb07304af11bcc2ba7c444f

  • SHA1

    cb5373125c2494b9d0291221fae4e1677e6e5faa

  • SHA256

    20f8c476655d28ddbe9f0c7ff2fae61a757f36aaffa010d793a11df83e901d88

  • SHA512

    c9281bdd0edebbb654ba65318c9c83ac0b4189a2ee6f70d9e82a98a10b1a1373b4bd5d85aec8e763a991431001be9c8cf93ff27986a96c48483b15ca1d5c8d2a

  • SSDEEP

    3072:8kmfv4r8W2qTvI2t2qVwoMTOIkvl98e8hg:gfvhZ/Rfkvl9

Score
10/10
redlinemixadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000600000002313e-188.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000600000002313e-188.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/836-54-0x0000000000F40000-0x0000000000F6E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/836-55-0x0000000000420000-0x0000000000426000-memory.dmp

    Filesize

    24KB

    Download

  • memory/836-56-0x0000000004970000-0x00000000049B0000-memory.dmp

    Filesize

    256KB

    Download