Overview

overview

10

Static

static

10

0x00070000...83.exe

windows7-x64

10

0x00070000...83.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2023, 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x00070000000139f8-83.exe

  • Size

    172KB

  • MD5

    7e9112693ddf6f4d31590f78745f4bc6

  • SHA1

    ce56493a5fb84bf50808090337a95ad73ac28eff

  • SHA256

    5f8c44abd1b869b262fe5077e2628362be95b1239fbfb6560a55368a4ceb8ae0

  • SHA512

    a60fa725debc3e9ad35b5aa7a09e9c8ecd30078af13f02a89f81cd998f24bdccead1251afa620cfbdb11612d75f5cf64d20a2acc4f0578a9c4fd4ef1fe9672d7

  • SSDEEP

    1536:WEXFbl9T36sv0W7T6ZnCrHpd9YCOedT4uKbxNoUYQ5NbuQLOorhQ9Np0GkRf8e8f:zXFl9pcY9J1WXbxNC2KohQ9Npc8e8ht

Score
10/10
redlinedizadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00070000000139f8-83.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00070000000139f8-83.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:676

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/676-133-0x00000000006C0000-0x00000000006F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/676-134-0x000000000AB60000-0x000000000B178000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/676-135-0x000000000A650000-0x000000000A75A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/676-136-0x000000000A560000-0x000000000A572000-memory.dmp

    Filesize

    72KB

    Download

  • memory/676-137-0x000000000A5C0000-0x000000000A5FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/676-138-0x00000000051B0000-0x00000000051C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/676-139-0x000000000A8C0000-0x000000000A936000-memory.dmp

    Filesize

    472KB

    Download

  • memory/676-140-0x000000000A9E0000-0x000000000AA72000-memory.dmp

    Filesize

    584KB

    Download

  • memory/676-141-0x000000000B730000-0x000000000BCD4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/676-142-0x000000000AA80000-0x000000000AAE6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/676-143-0x000000000BEB0000-0x000000000C072000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/676-144-0x000000000C5B0000-0x000000000CADC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/676-145-0x000000000BD90000-0x000000000BDE0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/676-146-0x00000000051B0000-0x00000000051C0000-memory.dmp

    Filesize

    64KB

    Download