Overview

overview

10

Static

static

3

1668096fbf...95.exe

windows10-2004-x64

10

2159151861...2d.exe

windows10-2004-x64

10

22c5bd0a3e...19.exe

windows10-2004-x64

10

2a0ae333a9...1a.exe

windows7-x64

3

2a0ae333a9...1a.exe

windows10-2004-x64

10

4f86d48b3d...df.exe

windows10-2004-x64

10

53ecffef24...36.exe

windows10-2004-x64

10

75ccbf328f...af.exe

windows10-2004-x64

10

77ba6e9303...c2.exe

windows10-2004-x64

10

798aee8abb...5b.exe

windows10-2004-x64

10

79eaddd1dc...70.exe

windows10-2004-x64

10

80ada740eb...52.exe

windows10-2004-x64

10

9e3cf610e6...f0.exe

windows7-x64

10

9e3cf610e6...f0.exe

windows10-2004-x64

10

a5bd0160df...49.exe

windows10-2004-x64

10

aee53fccee...da.exe

windows10-2004-x64

10

af9c5ff480...30.exe

windows7-x64

3

af9c5ff480...30.exe

windows10-2004-x64

10

bfe644d3bd...29.exe

windows10-2004-x64

10

ca9f078739...a4.exe

windows10-2004-x64

10

dda511575f...2f.exe

windows10-2004-x64

10

ff541e0752...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a0ae333a9b72768e8a05e7ebbfe4b15cf581f8c08129c0639aeed58eaf7901a.exe

  • Size

    333KB

  • MD5

    70b649dc98496fdd95d3c31dd28c8a96

  • SHA1

    8ac9a901047426fcaec73a4fa061b85ab28a378a

  • SHA256

    2a0ae333a9b72768e8a05e7ebbfe4b15cf581f8c08129c0639aeed58eaf7901a

  • SHA512

    5a3c19ceee7df6d988bb3ad15c6242820629da8c941f69773f30fc7491a63629f6b1cfc603b2167b04ddbb85d304c1938b3f0d6f1af89af468a6ab5fb0ad873a

  • SSDEEP

    6144:R1RwZfFQDiioMvzATd5W0jbSXRYyghzqjjjjjjjfMNV4iJBcp+0Xp:R/zDiioMvzA+iyg9qjjjjjjjf+V4iJB+

Score
10/10
redline5345987420discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/NgsUAPya

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a0ae333a9b72768e8a05e7ebbfe4b15cf581f8c08129c0639aeed58eaf7901a.exe
    "C:\Users\Admin\AppData\Local\Temp\2a0ae333a9b72768e8a05e7ebbfe4b15cf581f8c08129c0639aeed58eaf7901a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-8-0x0000000074820000-0x0000000074FD0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2044-19-0x0000000074820000-0x0000000074FD0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2044-9-0x0000000006760000-0x000000000679C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2044-3-0x000000007482E000-0x000000007482F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-4-0x0000000005370000-0x00000000053D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2044-5-0x0000000005F00000-0x0000000006518000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2044-6-0x0000000005940000-0x0000000005952000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2044-7-0x0000000005A70000-0x0000000005B7A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2044-1-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2044-17-0x0000000007110000-0x0000000007160000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2044-11-0x0000000006AB0000-0x0000000006C72000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2044-10-0x00000000067A0000-0x00000000067EC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2044-12-0x00000000071B0000-0x00000000076DC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2044-14-0x0000000006E20000-0x0000000006EB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2044-13-0x0000000007C90000-0x0000000008234000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2044-15-0x0000000007040000-0x00000000070B6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2044-16-0x0000000007000000-0x000000000701E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2924-2-0x0000000000710000-0x0000000000711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2924-0-0x0000000000710000-0x0000000000711000-memory.dmp

    Filesize

    4KB

    Download