Overview

overview

10

Static

static

1

bd225935b6...40.exe

windows7-x64

10

bd225935b6...40.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2023 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd225935b6b2ea18b54d886175ff37be05a0bea5dc242ee7b535fbc0b6117140.exe

  • Size

    1.5MB

  • MD5

    c2a12d49dfe6eee829e756f23da12892

  • SHA1

    9aaabbad78b1b78d4be89e54b6aa54e64530f962

  • SHA256

    bd225935b6b2ea18b54d886175ff37be05a0bea5dc242ee7b535fbc0b6117140

  • SHA512

    cc724df549003bfe96831da5d08a4e94fcc9cf50421851215b60d0f343be06adf17e8a982ded2853175d4c1eb9ac0fa876379bcb8935680809ebf61c321e0193

  • SSDEEP

    49152:0YHmYObiYdcFMSz3gbXyiz3htazmq7H1P:0kOoMSz3gbXyiz3htwV

Score
10/10
redlineinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 5 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd225935b6b2ea18b54d886175ff37be05a0bea5dc242ee7b535fbc0b6117140.exe
    "C:\Users\Admin\AppData\Local\Temp\bd225935b6b2ea18b54d886175ff37be05a0bea5dc242ee7b535fbc0b6117140.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CabC489.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD280.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2020-11-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2020-3-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2020-7-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-9-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2020-12-0x0000000074470000-0x0000000074B5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2020-13-0x0000000007350000-0x0000000007390000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2020-2-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2020-39-0x0000000074470000-0x0000000074B5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2020-49-0x0000000074470000-0x0000000074B5E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2060-10-0x00000000001B0000-0x000000000038A000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2060-0-0x00000000001B0000-0x000000000038A000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2060-1-0x00000000001B0000-0x000000000038A000-memory.dmp

    Filesize

    1.9MB

    Download