Analysis
-
max time kernel
135s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
10/06/2023, 01:20
General
-
Target
380cf16c91062c831de25e05a5a3d288.exe
-
Size
172KB
-
MD5
380cf16c91062c831de25e05a5a3d288
-
SHA1
a852c13a3699458994bbd83471d16d6d5b14e14a
-
SHA256
d65b2481250404bff74b626a516ea0de91754a0d133edf3d7f337e98caf90521
-
SHA512
d51f7537d10b86e84a41f4c71bfa8ef069f7309656e766048a39b03c75a60d7fa5ed3a6ecfc5a40923799bf0f8fbbf11cb908e1737cab14439a0571fdfcf586d
-
SSDEEP
1536:8/tcDOd2V36sv0W7TwiQjrH0V32ai6xWqlB2fxNiLYQ9VbuyqN9fkyt0GkRM8e8u:6yOUrhD3TiG72fxNbqA5kytf8e8hw
Malware Config
Extracted
redline
muha
83.97.73.129:19068
-
auth_value
3c237e5fecb41481b7af249e79828a46
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\380cf16c91062c831de25e05a5a3d288.exe"C:\Users\Admin\AppData\Local\Temp\380cf16c91062c831de25e05a5a3d288.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
64KB
-
Filesize
240KB
-
Filesize
472KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
408KB
-
Filesize
320KB
-
Filesize
1.8MB
-
Filesize
5.2MB
-
Filesize
64KB