Overview

overview

10

Static

static

1

834ba5e188...7d.exe

windows7-x64

10

834ba5e188...7d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-07-2023 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    834ba5e1882127065cdcd09cda30b47d.exe

  • Size

    276KB

  • MD5

    834ba5e1882127065cdcd09cda30b47d

  • SHA1

    48d38d0582fc94a155bb1e4132494319d03ac6db

  • SHA256

    c9da44cd96f7879b224feacdae31f4d20ea9ee865be28c46659d645721e6e129

  • SHA512

    d542685a697f87e6623a9d73004e4a22474cecc2933c4bc9fe24c5544a305ecc39bd97a512daca197b7aeb09af5a3467733738dd7face0e0c4afc332423f6bda

  • SSDEEP

    6144:/FWPM88IzV6H+KHaDyXbbmIRf0Vi8QdQb:/8U88IV6H+0aWLhBgLQdQb

Score
10/10
redlinebrunodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

bruno

C2

83.97.73.134:19071

Attributes
  • auth_value

    b23e240c277e85ce9d49d6165c0a2b48

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\834ba5e1882127065cdcd09cda30b47d.exe
    "C:\Users\Admin\AppData\Local\Temp\834ba5e1882127065cdcd09cda30b47d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1256

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1256-133-0x00000000007E0000-0x0000000000810000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1256-137-0x000000000A0E0000-0x000000000A6F8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1256-138-0x000000000A760000-0x000000000A86A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1256-139-0x000000000A8A0000-0x000000000A8B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1256-140-0x000000000A8C0000-0x000000000A8FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1256-141-0x0000000004D50000-0x0000000004D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1256-142-0x000000000ABA0000-0x000000000AC16000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1256-143-0x000000000AC20000-0x000000000ACB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1256-144-0x000000000ACC0000-0x000000000B264000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1256-145-0x000000000B310000-0x000000000B376000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1256-146-0x000000000B770000-0x000000000B7C0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1256-147-0x000000000B7F0000-0x000000000B9B2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1256-148-0x0000000004D50000-0x0000000004D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1256-149-0x000000000B9D0000-0x000000000BEFC000-memory.dmp

    Filesize

    5.2MB

    Download