Overview

overview

10

Static

static

10

0x00080000...78.exe

windows7-x64

10

0x00080000...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-06-2023 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x00080000000133cd-78.exe

  • Size

    172KB

  • MD5

    a59a242d0dbcdf13c197804479568c34

  • SHA1

    43a5fa54d53307008e1e017e0e6316e2792cca5d

  • SHA256

    c30ceb94deac28207dc6a20317ae97ecc85f673885adfa5784f2c36b682582e7

  • SHA512

    f49a5ae6febf11ccbb201638b4a0d696a34c792f666d793033045a1c298cfa0c770682be2058afca58d333600245fa01dcb35e757104be5af578cead968a86a6

  • SSDEEP

    3072:QUYvpRfFyNgq8oMGl9ixNcO3qdLbkSh8e8hb:kVoVrLbkSh

Score
10/10
redlineduhadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

duha

C2

83.97.73.129:19068

Attributes
  • auth_value

    aafe99874c3b8854069470882e00246c

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00080000000133cd-78.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00080000000133cd-78.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3576

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3576-133-0x0000000000370000-0x00000000003A0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3576-134-0x000000000A770000-0x000000000AD88000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/3576-135-0x000000000A2C0000-0x000000000A3CA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3576-136-0x000000000A200000-0x000000000A212000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3576-137-0x0000000004DC0000-0x0000000004DD0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-138-0x000000000A260000-0x000000000A29C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3576-139-0x000000000A670000-0x000000000A6E6000-memory.dmp
    Filesize

    472KB

    Download
  • memory/3576-140-0x000000000AE30000-0x000000000AEC2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3576-141-0x000000000B480000-0x000000000BA24000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/3576-142-0x000000000AD90000-0x000000000ADF6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3576-143-0x000000000B270000-0x000000000B2C0000-memory.dmp
    Filesize

    320KB

    Download
  • memory/3576-144-0x000000000BC00000-0x000000000BDC2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3576-145-0x000000000C300000-0x000000000C82C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/3576-146-0x0000000004DC0000-0x0000000004DD0000-memory.dmp
    Filesize

    64KB

    Download