Overview

overview

10

Static

static

1

BloxFruits GUI.exe

windows7-x64

10

BloxFruits GUI.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    98s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2023 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BloxFruits GUI.exe

  • Size

    327KB

  • MD5

    79e2287c7f1e3b6b62a80c994d46c3a7

  • SHA1

    cf71a4e8f88c7a23d9074a6cc3ca3bb0d58ef895

  • SHA256

    bdc9362777d3cbbdd3362b62e48e4b2dc053f1dc1b8e4e1ef9b1b666e4efd05a

  • SHA512

    e4ea76a5fda839c6812bca5c8d0dbbfc72a72242a5dd7e57ee70d54ad89b2355891e6e8adfe62d8c36b901c5f9bfc7fe8ae12ac4b9adc8faad67a788ce2c74f2

  • SSDEEP

    6144:bV9SHeF45XiiPTwH0iE4SHt8laYNqHpwW2DtTKh8:bvieF45S5H0i3SHClaYNqHEZ

Score
10/10
redlineinfostealerspyware

Malware Config

Extracted

Family

redline

C2

45.15.156.170:43588

Attributes
  • auth_value

    9c8dd7353be7ed4b6832da21d8d0d902

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BloxFruits GUI.exe
    "C:\Users\Admin\AppData\Local\Temp\BloxFruits GUI.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4500
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1992

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-134-0x0000000000180000-0x00000000001AA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1992-139-0x0000000004EF0000-0x0000000005508000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1992-140-0x0000000004A30000-0x0000000004B3A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1992-141-0x0000000004980000-0x0000000004992000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1992-142-0x00000000049A0000-0x00000000049DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1992-143-0x0000000004970000-0x0000000004980000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1992-144-0x0000000005AC0000-0x0000000006064000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1992-145-0x0000000004E30000-0x0000000004EC2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1992-146-0x0000000005510000-0x0000000005576000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1992-147-0x0000000006240000-0x0000000006402000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1992-148-0x0000000006940000-0x0000000006E6C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/1992-149-0x00000000060F0000-0x0000000006166000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1992-150-0x0000000006070000-0x00000000060C0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1992-151-0x0000000004970000-0x0000000004980000-memory.dmp

    Filesize

    64KB

    Download