Overview

overview

10

Static

static

10

Build.exe

windows7-x64

10

Build.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-04-2024 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Build.exe

  • Size

    141KB

  • MD5

    4793635d89c00e6f9fc0b6953530a4c0

  • SHA1

    dc168256f1b27093c7b6699fcf8ac9d4393adbe2

  • SHA256

    9adbdf6077ac14b7dd2a4e37f15881bbf2fa25b56690bc5000fcfb93ed3cfbe2

  • SHA512

    14aa1035d4343e898b42c70e075df65bdaa3265149806becf3e88b056f64486ac9219d137ed51af74edb0398cdab445741aa9b1a19c3e6db3e4ee260a2b04427

  • SSDEEP

    3072:BK1JZOpTvVQZ+rcIeRYs6YmszJqoD277BpGGoMTb3R35dINX9r5Pxk:QOpu0rjeRbVJqoDm1pGGoMTb3RDINN

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Build.exe
    "C:\Users\Admin\AppData\Local\Temp\Build.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C taskkill /F /PID 552 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\Build.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /F /PID 552
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4880
      • C:\Windows\SysWOW64\choice.exe
        choice /C Y /N /D Y /T 3
        3⤵
          PID:796

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/552-0-0x00000000007F0000-0x000000000081A000-memory.dmp
      Filesize

      168KB

      Download
    • memory/552-1-0x0000000075130000-0x00000000758E0000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/552-2-0x00000000052D0000-0x00000000052E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/552-3-0x0000000005900000-0x0000000005F18000-memory.dmp
      Filesize

      6.1MB

      Download
    • memory/552-4-0x00000000051D0000-0x00000000051E2000-memory.dmp
      Filesize

      72KB

      Download
    • memory/552-5-0x0000000005230000-0x000000000526C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/552-6-0x0000000005270000-0x00000000052BC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/552-7-0x00000000054F0000-0x00000000055FA000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/552-8-0x0000000075130000-0x00000000758E0000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/552-9-0x0000000075130000-0x00000000758E0000-memory.dmp
      Filesize

      7.7MB

      Download