Overview

overview

10

Static

static

3

Installer.exe

windows10-1703-x64

10

Installer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    10s
  • max time network
    12s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-06-2023 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installer.exe

  • Size

    1.2MB

  • MD5

    d017c52a55cb3741adfb83eed1d6f052

  • SHA1

    fe3e79ad0cb2b2e5374dca688c83de93ebba9bb3

  • SHA256

    aa8a2e7e1556276dad50729a039ac5cc81cd16494ecb4431f8d6ad59fa8eb9ec

  • SHA512

    d207b117dc24f856d7ba385d4764f724940a59d1f56a3fd2abaf267e1dbc47234bc5cfce2765ac91b501fcd0925048bb22acc1f050e2c9c36c483581c2e1598d

  • SSDEEP

    12288:dGKA3PekjU4fQHp4v8Q9SWVPs+ihQq/3C:dI3gNGUQcWVPBi6q/

Score
10/10
redline@merchdinfostealer

Malware Config

Extracted

Family

redline

Botnet

@MerchD

C2

94.142.138.4:80

Attributes
  • auth_value

    9f84b46959366b2efa0773e0556f6e11

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4112-117-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4112-118-0x0000000003200000-0x0000000003206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4112-119-0x0000000006970000-0x0000000006F76000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4112-120-0x0000000006650000-0x000000000675A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4112-121-0x0000000006580000-0x0000000006592000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4112-122-0x00000000065E0000-0x000000000661E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4112-123-0x0000000005830000-0x0000000005840000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-124-0x0000000006760000-0x00000000067AB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4112-125-0x0000000007200000-0x0000000007276000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4112-126-0x0000000007320000-0x00000000073B2000-memory.dmp

    Filesize

    584KB

    Download