Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    255s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-08-2023 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04f44c5c5aca681f45478285d81c898666f8b92f33fdf5d2b80ea2e5895c8124.exe

  • Size

    222KB

  • MD5

    b8c6ecf869f81ce5b9d68cae5cd5796f

  • SHA1

    8b73ac63ddd5dd021373a1f566085080d3c1b3d4

  • SHA256

    04f44c5c5aca681f45478285d81c898666f8b92f33fdf5d2b80ea2e5895c8124

  • SHA512

    acc5f9fb959ef328a86fe1c86122d0bb4be3414cf7f45fb06cf962d45ad8963979726600838b34d556e5fc5ec4802168401fd7c27da5e8cbfff1b2b3b711af3c

  • SSDEEP

    6144:uX6nPQ0LN+vRGyliJuc5KiSzGahzqz6Bzeti6gLyGKAX:uKniiJuc4pzGQ/e0XLyGK

Score
10/10
redlinelux3infostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes
  • auth_value

    e94dff9a76da90d6b000642c4a52574b

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04f44c5c5aca681f45478285d81c898666f8b92f33fdf5d2b80ea2e5895c8124.exe
    "C:\Users\Admin\AppData\Local\Temp\04f44c5c5aca681f45478285d81c898666f8b92f33fdf5d2b80ea2e5895c8124.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-117-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3004-118-0x0000000002070000-0x00000000020A0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3004-122-0x0000000073350000-0x0000000073A3E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3004-123-0x0000000002370000-0x0000000002376000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3004-124-0x0000000009E30000-0x000000000A436000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/3004-125-0x000000000A4A0000-0x000000000A5AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3004-126-0x0000000004AA0000-0x0000000004AB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3004-127-0x000000000A5D0000-0x000000000A5E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3004-128-0x000000000A5F0000-0x000000000A62E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3004-129-0x000000000A6A0000-0x000000000A6EB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3004-130-0x000000000A8E0000-0x000000000A956000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3004-131-0x000000000A960000-0x000000000A9F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3004-132-0x000000000AA00000-0x000000000AEFE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/3004-133-0x000000000AF40000-0x000000000AFA6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3004-134-0x0000000073350000-0x0000000073A3E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3004-135-0x000000000B3E0000-0x000000000B5A2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3004-136-0x000000000B5C0000-0x000000000BAEC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3004-137-0x0000000004AA0000-0x0000000004AB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3004-138-0x000000000BE90000-0x000000000BEE0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3004-141-0x0000000073350000-0x0000000073A3E000-memory.dmp

    Filesize

    6.9MB

    Download