Overview

overview

10

Static

static

3

0bbde9df88...20.exe

windows10-2004-x64

10

14381f89f8...62.exe

windows10-2004-x64

10

1c09c6faad...a0.exe

windows7-x64

3

1c09c6faad...a0.exe

windows10-2004-x64

10

1c8308039a...16.exe

windows7-x64

3

1c8308039a...16.exe

windows10-2004-x64

10

1fe4c883d2...6d.exe

windows10-2004-x64

10

234b8aa959...d8.exe

windows10-2004-x64

10

410e72302d...e8.exe

windows7-x64

3

410e72302d...e8.exe

windows10-2004-x64

10

4431aa7413...8c.exe

windows7-x64

3

4431aa7413...8c.exe

windows10-2004-x64

10

68f997d58c...e5.exe

windows10-2004-x64

10

812ce70322...27.exe

windows10-2004-x64

10

88a3f8285d...ab.exe

windows10-2004-x64

10

90fdeaf3f0...a8.exe

windows7-x64

3

90fdeaf3f0...a8.exe

windows10-2004-x64

10

9d92aedf9d...9d.exe

windows7-x64

3

9d92aedf9d...9d.exe

windows10-2004-x64

10

9ff2fb6bb8...32.exe

windows10-2004-x64

10

ac4e2e3d9d...dd.exe

windows7-x64

3

ac4e2e3d9d...dd.exe

windows10-2004-x64

10

b62483116d...b6.exe

windows10-2004-x64

10

c901122f00...70.exe

windows10-2004-x64

10

cfda8adb75...7f.exe

windows10-2004-x64

10

dfe8591c80...49.exe

windows10-2004-x64

10

f5659ff4e2...ff.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4431aa7413f5833360f953b5d26f7cceefeb1dfd20705856a7c02d106943048c.exe

  • Size

    265KB

  • MD5

    e1476c92f1281ba69cabef1c7c9bb1cd

  • SHA1

    81c5c47061f07e9723d71aa4489bfea039959a08

  • SHA256

    4431aa7413f5833360f953b5d26f7cceefeb1dfd20705856a7c02d106943048c

  • SHA512

    8e9faac4b123c5ca518f773ae24a5b1013376863645524b55ed5b44bc2a005f7fb4c266d2ff1a29c1ac64ee135b5714ef98d4c34786a9c4765bbc4c3426bdc46

  • SSDEEP

    6144:3ZrHgDcXDXO5TGgwkOlqDJL0DVG03ahms6up:3ZHgDcBsNaVzq8Zup

Score
10/10
redline5195552529discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

5195552529

C2

https://pastebin.com/raw/NgsUAPya

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4431aa7413f5833360f953b5d26f7cceefeb1dfd20705856a7c02d106943048c.exe
    "C:\Users\Admin\AppData\Local\Temp\4431aa7413f5833360f953b5d26f7cceefeb1dfd20705856a7c02d106943048c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4484
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:4312
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2768

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2768-6-0x0000000006350000-0x0000000006968000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/2768-8-0x0000000005EE0000-0x0000000005FEA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2768-13-0x0000000075030000-0x00000000757E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2768-2-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2768-4-0x000000007503E000-0x000000007503F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-5-0x0000000005820000-0x0000000005886000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2768-12-0x000000007503E000-0x000000007503F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-11-0x0000000006BF0000-0x0000000006C3C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2768-10-0x0000000006BB0000-0x0000000006BEC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2768-9-0x0000000075030000-0x00000000757E0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2768-7-0x0000000005DB0000-0x0000000005DC2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4484-0-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4484-1-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4484-3-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

      Filesize

      4KB

      Download