Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-05-2023 11:47

General

  • Target

    0x00070000000139fc-116.exe

  • Size

    145KB

  • MD5

    bc45ce568c8e09890727a8139b01b82e

  • SHA1

    0ec7b2417e811b35abe9ffd276d00a1b5c19e912

  • SHA256

    da5547e0ff96b1a24676dd8792aa3c57d0bb5f7b65efe2e6a3e1c90a6de7a613

  • SHA512

    f3ff9454c0895ff17e52e01c6d35aa91e6162c31d057bcf3eede86e196a6afbd63a66ea8e3dcdc853fe1c057fb1d3f436c29641ad3f7fbcf5da845e45819217a

  • SSDEEP

    3072:pV+m5cVQmRSxRGAFiXAgmpajhhuZO8e8hWGn:pj4giNXjhhuE

Malware Config

Extracted

Family

redline

Botnet

daza

C2

77.91.124.251:19065

Attributes
  • auth_value

    0bd5963efefdd6409185423d5ca3439c

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00070000000139fc-116.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00070000000139fc-116.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:704

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/704-54-0x00000000002B0000-0x00000000002DA000-memory.dmp

    Filesize

    168KB

  • memory/704-55-0x0000000004DC0000-0x0000000004E00000-memory.dmp

    Filesize

    256KB