Overview

overview

10

Static

static

7

2 files.zip

windows10-2004-x64

1

YT.exe

windows10-2004-x64

10

lolMiner.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    451s
  • max time network
    455s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2024 00:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YT.exe

  • Size

    2.2MB

  • MD5

    b1087aa5a1a538d7ee3bd9c3b774bb38

  • SHA1

    0842a7d8905be9dbe06f9b2bd7376f33373af246

  • SHA256

    c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7

  • SHA512

    46aec87f752382ec9a5ce6f45af70ab54ae3fe158cd2084b27ca55d8224c83417c8a13091648b4b1ffdbf76f2b88ffa0424a76d3619c3516645e70b0c6969cb6

  • SSDEEP

    24576:EQ1OwhF5/u7S/OiUVkcOpckjLDSvWrtaG2cskcA8AvuyLdk0JdQGwct28MENdhX2:DMwP5/u79ScOqkjqOrnq29QFxa

Score
10/10
redlinelegaainfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Legaa

C2

185.172.128.33:38294

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YT.exe
    "C:\Users\Admin\AppData\Local\Temp\YT.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3048-14-0x0000000004ED0000-0x0000000004F0C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3048-23-0x0000000075170000-0x0000000075920000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/3048-4-0x0000000000510000-0x0000000000562000-memory.dmp
    Filesize

    328KB

    Download
  • memory/3048-7-0x00000000052C0000-0x0000000005864000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/3048-8-0x0000000004C00000-0x0000000004C92000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3048-9-0x0000000004E80000-0x0000000004E90000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3048-10-0x0000000004BB0000-0x0000000004BBA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/3048-13-0x0000000004E30000-0x0000000004E42000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3048-6-0x0000000075170000-0x0000000075920000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/3048-15-0x0000000004F10000-0x0000000004F5C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/3048-11-0x0000000005E90000-0x00000000064A8000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/3048-12-0x0000000004FA0000-0x00000000050AA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3048-16-0x00000000051A0000-0x0000000005206000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3048-17-0x0000000006880000-0x0000000006A42000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3048-18-0x0000000006F80000-0x00000000074AC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/3048-19-0x0000000006780000-0x00000000067D0000-memory.dmp
    Filesize

    320KB

    Download
  • memory/3048-20-0x0000000075170000-0x0000000075920000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/3048-21-0x0000000004E80000-0x0000000004E90000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4940-5-0x00007FF76D3A0000-0x00007FF76D635000-memory.dmp
    Filesize

    2.6MB

    Download