Analysis
-
max time kernel
135s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
18/05/2023, 04:16
General
-
Target
file.exe
-
Size
145KB
-
MD5
6e7fe11ea345b81bac990a703c1eba65
-
SHA1
3a8c5c0b24b888efe27eab93af7fe67d8f49e42b
-
SHA256
244a11f68f0398be98a3c48e3f673926824c39a0b49fd62b2615c994a72a22d8
-
SHA512
44f7305666f37b343343ea40da98e7da470d126c2cb8eac4a11cb514ac4f82e9b5cbb9fde5c845e685a02170418f9b2ac4e749deecb9c7b9dd03f5347a52db22
-
SSDEEP
3072:NV+m5cbQmRSNTAR3nXFyeJCEdhMZh8e8h1:NjS7nVvdhM7
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
xyz
C2
185.225.74.51:44767
Attributes
-
auth_value
1a798866eb6f725c9fb236ee38b4d525
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
64KB
-
Filesize
408KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
1.8MB
-
Filesize
5.2MB
-
Filesize
472KB
-
Filesize
320KB
-
Filesize
64KB