Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-01-2024 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    313KB

  • MD5

    9aa8737202bac7dcc71ef4c77939f82b

  • SHA1

    25b29b7274fb3ef7d16052f8400d24540621aff9

  • SHA256

    a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff

  • SHA512

    aa55987a32b3e259376594df68a2008007353953a2bf390b44b908e5fdaee181d3b216aec46f8679aa5f5e4164a0a412511621c6249d3cab7e1eba86d8494a7a

  • SSDEEP

    3072:UA0KubVwL+uacYOFq70W09SIg8DJn5MxfCpWLMRqfjDv/YheqiOL2bBO2:8Qpaw40r8IDYx64MRqfjD4jL

Score
10/10
redline@rlreborn cloud tg: @fatherofcarders)discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@RLREBORN Cloud TG: @FATHEROFCARDERS)

C2

141.95.211.148:46011

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2892-1-0x00000000750D0000-0x0000000075880000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2892-0-0x0000000000EB0000-0x0000000000F04000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2892-2-0x0000000005DB0000-0x0000000006354000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2892-3-0x0000000005900000-0x0000000005992000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2892-4-0x00000000058D0000-0x00000000058E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2892-5-0x0000000005AD0000-0x0000000005ADA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2892-6-0x0000000006E10000-0x0000000007428000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2892-8-0x0000000008690000-0x00000000086A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2892-7-0x00000000087A0000-0x00000000088AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2892-9-0x00000000086B0000-0x00000000086EC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2892-10-0x0000000008730000-0x000000000877C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2892-11-0x00000000068E0000-0x0000000006946000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2892-12-0x000000000A290000-0x000000000A2E0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2892-13-0x00000000098B0000-0x0000000009A72000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2892-14-0x000000000AC10000-0x000000000B13C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2892-16-0x00000000750D0000-0x0000000075880000-memory.dmp

    Filesize

    7.7MB

    Download