Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    313KB

  • MD5

    6754d3c831c2392dd5a35b5768df4c37

  • SHA1

    3a1bac47966c643c1587b734f19e7963c56e8dee

  • SHA256

    715dfcd7ca54a83c37acf2e093a0c3703732b2e3fceb52fcf5037f37e333bad9

  • SHA512

    2d373f936746f2bf962dbac09779d1b7c7f93dec7d8728f2c3db8bda36da290539e49b8d3bdcbeef28ab1d6e126f8632c009f5583ebb1b2d3cba4ba18e6245dd

  • SSDEEP

    3072:QA0UpT1W+9dAoDc0ib8fy+8EnelxlmyxkMRqfjDv/YUeqiOL2bBOJ:4sHdGjb8KNxADMRqfjD4aL

Score
10/10
redline1discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

92.222.212.74:1450

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3056-0-0x0000000000500000-0x0000000000554000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3056-1-0x0000000074BE0000-0x0000000075390000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3056-2-0x00000000055C0000-0x0000000005B64000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3056-3-0x0000000004F40000-0x0000000004FD2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3056-4-0x0000000005160000-0x0000000005170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3056-5-0x0000000005010000-0x000000000501A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3056-6-0x0000000006190000-0x00000000067A8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3056-8-0x00000000051F0000-0x0000000005202000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3056-7-0x00000000052C0000-0x00000000053CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3056-9-0x0000000005250000-0x000000000528C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3056-10-0x00000000053D0000-0x000000000541C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3056-11-0x0000000005550000-0x00000000055B6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3056-12-0x0000000006A80000-0x0000000006C42000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3056-13-0x0000000007180000-0x00000000076AC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3056-14-0x0000000074BE0000-0x0000000075390000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3056-15-0x0000000006F50000-0x0000000006FA0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3056-16-0x0000000005160000-0x0000000005170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3056-18-0x0000000074BE0000-0x0000000075390000-memory.dmp

    Filesize

    7.7MB

    Download