Overview

overview

10

Static

static

10

0x00070000...36.exe

windows7-x64

10

0x00070000...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2023, 08:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000700000001aead-136.exe

  • Size

    145KB

  • MD5

    16967978aae9ed796aaa7b907d01a6f5

  • SHA1

    3be4d62a6e1600bb7f5bc389603b3674d5a2106b

  • SHA256

    477c5f6eb0101393256e0d8235322aa5cd4df5de0a6c2d26faf4f5ac1582609b

  • SHA512

    dc2a56695ca6e464ec9a94963d0a5b297e4ce3bc1ebdee9a960e6e6fe17ef27b800b7559667f3b88b1a2d9ce48e84dcd04df388f324fa286bb101178ba389e75

  • SSDEEP

    1536:FWBGlTP+mZP618EYDmRSNBg8sX72ZPGffuLEHKo8QJubueGJpfVT0wuei/qv+R+h:zV+m5c/QmRSNhGOy54SdVThDZt8e8hU

Score
10/10
redlinedusadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.127:19062

Attributes
  • auth_value

    ee896466545fedf9de5406175fb82de5

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000700000001aead-136.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000700000001aead-136.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2072

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2072-133-0x0000000000C90000-0x0000000000CBA000-memory.dmp

          Filesize

          168KB

          Download

        • memory/2072-134-0x0000000005AF0000-0x0000000006108000-memory.dmp

          Filesize

          6.1MB

          Download

        • memory/2072-135-0x00000000055E0000-0x00000000056EA000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/2072-136-0x00000000054F0000-0x0000000005502000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2072-137-0x0000000005560000-0x0000000005570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2072-138-0x0000000005570000-0x00000000055AC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2072-139-0x0000000005890000-0x0000000005922000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2072-140-0x00000000066C0000-0x0000000006C64000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/2072-141-0x00000000059A0000-0x0000000005A06000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2072-142-0x0000000006E40000-0x0000000007002000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2072-143-0x0000000005560000-0x0000000005570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2072-144-0x0000000007540000-0x0000000007A6C000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2072-145-0x0000000006D70000-0x0000000006DE6000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2072-146-0x0000000006660000-0x00000000066B0000-memory.dmp

          Filesize

          320KB

          Download