Overview

overview

10

Static

static

10

06316899.exe

windows7-x64

10

06316899.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2023 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06316899.exe

  • Size

    167KB

  • MD5

    b9af3e044e864972d8e944e8a28ebd02

  • SHA1

    c4b509bea40c27d736e4f488be7ee03a75d6e077

  • SHA256

    90bf5707ff5714b862e774f444940508c089f048ee6bf19d2ae946012a845348

  • SHA512

    0ae899a64a0edd5f1c559aa25b40836b0cd03d48dd79d73b441933d58fe6c86a667b7bac911dc177371bb6fc724ac8812882e3cf28e643158ff333584818e978

  • SSDEEP

    3072:irGkzIa8WuPMxNo/i6qVOg+uA+Eie8e8hF:iikzZEPtb+Eie

Score
10/10
redlinemaxidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.127:19045

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06316899.exe
    "C:\Users\Admin\AppData\Local\Temp\06316899.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5028-133-0x0000000000AE0000-0x0000000000B0E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/5028-134-0x000000000AF00000-0x000000000B518000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/5028-135-0x000000000AA50000-0x000000000AB5A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5028-136-0x000000000A980000-0x000000000A992000-memory.dmp

    Filesize

    72KB

    Download

  • memory/5028-137-0x000000000A9E0000-0x000000000AA1C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/5028-138-0x0000000002FC0000-0x0000000002FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5028-139-0x000000000ACF0000-0x000000000AD66000-memory.dmp

    Filesize

    472KB

    Download

  • memory/5028-140-0x000000000AE10000-0x000000000AEA2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/5028-141-0x000000000BAD0000-0x000000000C074000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/5028-142-0x000000000B620000-0x000000000B686000-memory.dmp

    Filesize

    408KB

    Download

  • memory/5028-143-0x000000000C250000-0x000000000C412000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/5028-144-0x000000000C950000-0x000000000CE7C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/5028-145-0x0000000002FC0000-0x0000000002FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5028-146-0x000000000C1A0000-0x000000000C1F0000-memory.dmp

    Filesize

    320KB

    Download