Overview

overview

10

Static

static

3

1238663077...be.exe

windows10-2004-x64

10

2176dd1779...68.exe

windows10-2004-x64

10

25c57e6714...48.exe

windows7-x64

10

25c57e6714...48.exe

windows10-2004-x64

10

604faa1b56...ed.exe

windows7-x64

3

604faa1b56...ed.exe

windows10-2004-x64

10

611b640fd7...5e.exe

windows10-2004-x64

10

61ec6f7f31...74.exe

windows10-2004-x64

10

654aa4d5e8...3b.exe

windows10-2004-x64

10

6c15f1899d...ed.exe

windows10-2004-x64

10

7b22e6cc31...ce.exe

windows10-2004-x64

10

8a68d5e2ce...71.exe

windows10-2004-x64

10

9a72ed316b...b3.exe

windows10-2004-x64

10

b2abc74f29...1f.exe

windows10-2004-x64

10

ba5c9d840c...7b.exe

windows10-2004-x64

10

ba769ab008...cb.exe

windows10-2004-x64

10

c29b675475...fe.exe

windows10-2004-x64

10

c39106a352...4e.exe

windows7-x64

10

c39106a352...4e.exe

windows10-2004-x64

10

ecc005f21f...de.exe

windows10-2004-x64

f0fb625894...03.exe

windows10-2004-x64

10

f66a0103e4...71.exe

windows10-2004-x64

10

fd5bd6afc5...4f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2024 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25c57e67144c4603cb7936eb9ad62fb4a4b313d0acb99262c66c4792f6ecdf48.exe

  • Size

    188KB

  • MD5

    137f89538b18fec4e18561f3c0074666

  • SHA1

    05285ca1589e7eb544b78319c5a6bf2ad8093bf5

  • SHA256

    25c57e67144c4603cb7936eb9ad62fb4a4b313d0acb99262c66c4792f6ecdf48

  • SHA512

    dac288d4c46586147800406f74a1e6cc3263c86a7ace1c62ed58277fe68b601a20c2a7783ffb2bda19899138b827f33c4005155b8fd32b58f46f3fbc3bc6a0d1

  • SSDEEP

    3072:zF0Z64zJQzbb/Qt0Vf3I/jGRf8pdXyprmw4USCkHdSzw0WQEEhmwfdxTI6Exfx:zyZJzezbkef8pdCdmNUSZHWeEhmwfdxe

Score
10/10
redline1366220748discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

1366220748

C2

https://pastebin.com/raw/NgsUAPya

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25c57e67144c4603cb7936eb9ad62fb4a4b313d0acb99262c66c4792f6ecdf48.exe
    "C:\Users\Admin\AppData\Local\Temp\25c57e67144c4603cb7936eb9ad62fb4a4b313d0acb99262c66c4792f6ecdf48.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-1-0x0000000000250000-0x000000000026E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1992-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download