Analysis

  • max time kernel
    28s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/07/2023, 01:09 UTC

General

  • Target: 7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114.exe
  • Size: 1.0MB
  • MD5: 1aa7939721f123f428719c210b88df55
  • SHA1: 7f61007a5463e05d194ffe8668b797ddf5280d71
  • SHA256: 7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114
  • SHA512: 95654e50081acb40a323c8c447ae65ae7338ba12cdc0bab81ee77295316904db8f89f7f4e284f8f86e911cd9654a788cfb858881ee6e0c863f1e59c50366364c
  • SSDEEP: 6144:q1yNB0anZ8DhgCEmcxb7hAAOY6cgLsBd/ujSi1RURR:q1WB0anZ8D6xbtA6Asv/+SK0

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsLive2
  • C2: 185.157.120.11:36690
  • Attributes
    • auth_value: 11cb8c21234a8fb6ec2254da18178eab

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114.exe
    "C:\Users\Admin\AppData\Local\Temp\7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2368

Network

  • 185.157.120.11:36690
    Process: InstallUtil.exe
    Size: 8.4kB / 7.7kB
    Packets: 15 / 12
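The process tree and network table above show the pattern worth detecting: the sample in the user's Temp directory starts InstallUtil.exe with no arguments (the SetThreadContext/WriteProcessMemory signatures on PID 2424 are the hollowing), and it is InstallUtil.exe, not the dropped binary, that talks to the C2. The following is an added example, not code from the sandbox or from any project the report describes: it encodes those two observations as rules and runs them over a constructed, Sysmon-like event stream. The event schema, field names, the parent PIDs, and the benign InstallUtil record are all assumptions made for the example.

```python
"""
Detection logic for the injection pattern recorded in the report above.

Rules:
  1. InstallUtil.exe launched with no arguments (legitimate use always passes
     an assembly path); severity rises if the parent runs from the user's
     local Temp directory.
  2. InstallUtil.exe connecting to a public IP; severity rises if that PID
     was already flagged by rule 1.

Event records and their field names are constructed for this example, loosely
modelled on Sysmon Event ID 1 (process create) and 3 (network connect).
"""
import ipaddress
import ntpath

TEMP_MARKER = "\\appdata\\local\\temp\\"
TARGET = "installutil.exe"

# Constructed sample events: the sandbox's two processes and its C2 flow,
# plus a legitimate InstallUtil run (assumed) that must stay quiet.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 2424, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114.exe"'},
    {"type": "process_create", "pid": 2368, "ppid": 2424,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"'},
    {"type": "network_connect", "pid": 2368,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",
     "dst_ip": "185.157.120.11", "dst_port": 36690},
    # Assumed benign: service install from an admin shell, has an argument.
    {"type": "process_create", "pid": 3000, "ppid": 900,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" /i "C:\Program Files\Vendor\Service.exe"'},
    {"type": "network_connect", "pid": 3000,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",
     "dst_ip": "10.0.0.5", "dst_port": 445},
]


def argv_rest(cmdline: str) -> str:
    """Everything after the program token of a Windows command line."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[end + 1:].strip() if end != -1 else ""
    parts = s.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ""


def detect(events):
    """Run both rules over an ordered event stream.

    Returns a list of (rule, severity, pid, detail) tuples.
    """
    findings = []
    procs = {}          # pid -> process_create record seen so far
    suspicious = set()  # pids flagged by the no-arguments rule
    for ev in events:
        if ev["type"] == "process_create":
            procs[ev["pid"]] = ev
            if ntpath.basename(ev["image"]).lower() != TARGET:
                continue
            if argv_rest(ev["cmdline"]):
                continue  # has an assembly argument: ordinary use
            parent = procs.get(ev["ppid"], {}).get("image", "")
            severity = "high" if TEMP_MARKER in parent.lower() else "medium"
            suspicious.add(ev["pid"])
            findings.append(("installutil_no_args", severity, ev["pid"],
                             f"parent={parent or 'unknown'}"))
        elif ev["type"] == "network_connect":
            if ntpath.basename(ev["image"]).lower() != TARGET:
                continue
            if not ipaddress.ip_address(ev["dst_ip"]).is_global:
                continue  # RFC1918, loopback, link-local and similar
            severity = "high" if ev["pid"] in suspicious else "medium"
            findings.append(("installutil_public_connect", severity, ev["pid"],
                             f"{ev['dst_ip']}:{ev['dst_port']}"))
    return findings


if __name__ == "__main__":
    for rule, sev, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[{sev}] {rule} pid={pid} {detail}")
```

On the sample stream this fires twice, both high, both on PID 2368; the argument-carrying InstallUtil run and its private-network connection produce nothing. Note that file-hash checks on the running process are useless here: the on-disk image of PID 2368 is Microsoft's signed InstallUtil.exe, and the RedLine payload exists only in memory, which is why the report's 152KB dump of the 0x400000-0x426000 region in PID 2368 is the artifact to scan.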

MITRE ATT&CK Enterprise v6


Downloads

  • memory/2368-54-0x0000000000400000-0x0000000000426000-memory.dmp (152KB)
  • memory/2368-56-0x0000000000400000-0x0000000000426000-memory.dmp (152KB)
  • memory/2368-58-0x0000000000400000-0x0000000000426000-memory.dmp (152KB)
  • memory/2368-59-0x0000000000B10000-0x0000000000B50000-memory.dmp (256KB)
