Overview

overview

10

Static

static

3

7o4916xup.exe

windows7-x64

10

7o4916xup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01-09-2023 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7o4916xup.exe

  • Size

    2.2MB

  • MD5

    5d04b22be4e97daf8e8ef7c44f1b9be6

  • SHA1

    f6f971573d98df47a22ca1dda1b23fed11a7d717

  • SHA256

    f4f4a662f6532dd5db96f3dbc20d4df4d4b3eff19d76ec1775c531a5d1e8d7a9

  • SHA512

    620158bf76cadfe85bb8c6e22b2b7e5cd07e14bc3fdbcba9ca90d20d35e32ddd403b78e39a24d610f2b11505c8af22afea623293fc52e000bd5ad333c166cb7e

  • SSDEEP

    12288:hdMCO1sax2Es9NXB9cgZTgSnsLGDd3UAG8PCVt2S2mmbngY8/AiUc2u4mHrFQAdW:+rgEs9ZB9cgZTgIZdkAimbngY8cc8vt

Score
10/10
redline10kinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

10K

C2

77.232.38.234:80

Attributes
  • auth_value

    e0b9a8ef2c92da39d627d67103b3b93f

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Uses the VBS compiler for execution 1 TTPs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7o4916xup.exe
    "C:\Users\Admin\AppData\Local\Temp\7o4916xup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab9DA8.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9EE3.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2208-9-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2208-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-10-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2208-11-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2208-12-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2208-13-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2208-14-0x0000000000450000-0x0000000000490000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-15-0x0000000000450000-0x0000000000490000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-2-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2208-1-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2208-50-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2964-8-0x00000000009A0000-0x0000000000BE0000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2964-0-0x00000000009A0000-0x0000000000BE0000-memory.dmp

    Filesize

    2.2MB

    Download