Overview

overview

10

Static

static

1

Laplas.exe

windows7-x64

1

Laplas.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2023, 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Laplas.exe

  • Size

    304KB

  • MD5

    ef09a423538646180f81162b69b68b20

  • SHA1

    2d38561b4cd4c89419ef0bc5c1ac9234e9136c81

  • SHA256

    a145874aa2d3cc607144208ab4fd69f4c91e9400d14d42344a2a49e947980eb5

  • SHA512

    cca2314c3496ba36555f4ce70d38c4c3e6be37446ef34687ce84633cbec16d3e3d089a67e2be1086b35d5a0e1f5cfb37d9508b6a3c6849c03e87ade8dcece409

  • SSDEEP

    6144:5sSQUg5ecl9ECmIWPWP9pnNDn4ClxGBXrzOBCdOqQh9i2lpWGLM1IOq:Xoee9ECUPWPH2CHG1WCdI9iQpZM14

Score
10/10
redlinenninfostealer

Malware Config

Extracted

Family

redline

Botnet

NN

C2

82.115.223.91:82

Attributes
  • auth_value

    1353d61efcc5200a0225ebbc1f97dd2f

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 25 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Laplas.exe
    "C:\Users\Admin\AppData\Local\Temp\Laplas.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe"
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4640
      • C:\Users\Admin\AppData\Local\Temp\Laplas.exe
        C:\Users\Admin\AppData\Local\Temp\Laplas.exe
        3⤵
          PID:4016

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_a0xzskl2.k4f.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/2424-1-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2424-2-0x0000000004FA0000-0x0000000005544000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2424-3-0x0000000004AD0000-0x0000000004B62000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2424-4-0x0000000004D50000-0x0000000004D60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2424-5-0x0000000004B90000-0x0000000004B9A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2424-48-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2424-24-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2424-29-0x0000000004D50000-0x0000000004D60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2424-0-0x00000000000A0000-0x00000000000EC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4016-39-0x0000000018A70000-0x0000000018AAC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4016-38-0x0000000018700000-0x0000000018712000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4016-37-0x00000000187A0000-0x00000000188AA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4016-36-0x0000000018C40000-0x0000000019258000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4016-35-0x0000000017B00000-0x0000000017B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4016-34-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4016-42-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4016-33-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4640-9-0x0000000005320000-0x0000000005948000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/4640-22-0x0000000006110000-0x000000000612E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4640-28-0x00000000074C0000-0x00000000074DA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4640-26-0x0000000007420000-0x0000000007496000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4640-30-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4640-31-0x0000000002970000-0x0000000002980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4640-32-0x00000000075D0000-0x00000000075F2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4640-25-0x0000000002970000-0x0000000002980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4640-23-0x00000000066B0000-0x00000000066F4000-memory.dmp

      Filesize

      272KB

      Download

    • memory/4640-27-0x0000000007B20000-0x000000000819A000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/4640-17-0x0000000005B00000-0x0000000005B66000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4640-16-0x0000000005A20000-0x0000000005A86000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4640-10-0x0000000005980000-0x00000000059A2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4640-8-0x0000000002970000-0x0000000002980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4640-40-0x0000000002970000-0x0000000002980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4640-41-0x0000000002970000-0x0000000002980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4640-7-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4640-46-0x0000000074C30000-0x00000000753E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4640-6-0x00000000027D0000-0x0000000002806000-memory.dmp

      Filesize

      216KB

      Download