Analysis
-
max time kernel
91s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
27/11/2023, 12:20
General
-
Target
file.exe
-
Size
291KB
-
MD5
82dff01ab90a28a19048fe5cfbcbc895
-
SHA1
9006253561020584da11344f702ebb9d4ee7127d
-
SHA256
513cfd7c3b47cd8acb5b7f0e3365273a1cf6ee0a5f4635a35fb910e574d37d11
-
SHA512
e894769ca833df1ae11f6cfc5f5b1d89e649be7512ff8f9bed69bf740802c80e6523b1a1e1cd94bf2409e3d9af374aeb41ce3c8e849c10ccec1afc56527e680b
-
SSDEEP
6144:oIbH9up2Eidk1EO/D0YMOfn2rZ+FfidK1:Rb1dk1ZyK1
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
@oleh_ps
C2
194.169.175.235:42691
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
296KB
-
Filesize
248KB
-
Filesize
7.7MB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
64KB
-
Filesize
40KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
304KB
-
Filesize
408KB
-
Filesize
1.8MB
-
Filesize
5.2MB
-
Filesize
320KB
-
Filesize
7.7MB