Overview

overview

10

Static

static

10

1/0280cde4...60.exe

windows10-2004-x64

10

1/08b76206...65.exe

windows10-2004-x64

10

1/0e4fc438...91.exe

windows10-2004-x64

10

1/0fb86a8b...05.exe

windows10-2004-x64

10

1/25898c73...8f.exe

windows10-2004-x64

10

1/2c2e9491...3c.exe

windows10-2004-x64

10

1/2ef0f582...2e.exe

windows10-2004-x64

10

1/39884fc0...82.exe

windows10-2004-x64

10

1/3a72ecec...8a.exe

windows10-2004-x64

10

1/3bfcb4f7...71.exe

windows10-2004-x64

10

1/4103411f...f5.exe

windows10-2004-x64

10

1/4e0fdb84...95.exe

windows10-2004-x64

7

1/5297372f...33.exe

windows10-2004-x64

5

1/68292f38...e4.exe

windows10-2004-x64

10

1/6da4696b...e5.exe

windows10-2004-x64

7

1/7021c9cb...78.exe

windows10-2004-x64

10

1/752f5cc5...60.exe

windows10-2004-x64

10

1/7c7cded8...0c.exe

windows10-2004-x64

10

1/97d29ffc...84.exe

windows10-2004-x64

7

1/a306cc84...03.exe

windows10-2004-x64

7

1/ae1a168f...74.exe

windows10-2004-x64

7

1/b13f2364...d6.exe

windows10-2004-x64

8

1/b2a1d168...9d.bat

windows10-2004-x64

8

1/bb29aeb6...bd.exe

windows10-2004-x64

8

1/c8e5a24a...f5.bat

windows10-2004-x64

8

1/c9736cdc...97.exe

windows10-2004-x64

8

1/d58780d1...a0.exe

windows10-2004-x64

10

1/de19e016...d0.exe

windows10-2004-x64

1

1/e886016e...51.exe

windows10-2004-x64

10

1/f0f496ec...f4.bat

windows10-2004-x64

8

1/f28599b0...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 08:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1/e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451.exe

  • Size

    338KB

  • MD5

    f5607d12bfd66fa6205cfd6b078e8080

  • SHA1

    2c4f15f916b1dea8b76ebb06468e1700a2122b78

  • SHA256

    e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451

  • SHA512

    74df2af255a0d0e6802ab13ffa2f44b26ed11d2bd4388d7659214ab42c5daa2319e1a924af4e8418e294678ee27508e908ac43becc544a8a7fa05cfccb230e94

  • SSDEEP

    6144:uwTSx/BpP+AegMMtRvu3LqBOkQWr3Yf0aldxZsakM2di8MEO:uJpP6gMEhEfjldxZei8MEO

Score
10/10
redline6951125327discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1\e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451.exe
    "C:\Users\Admin\AppData\Local\Temp\1\e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2268-0-0x0000000003230000-0x0000000003231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3660-1-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3660-2-0x00000000745BE000-0x00000000745BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3660-3-0x0000000005070000-0x00000000050D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3660-4-0x0000000005B40000-0x0000000006158000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3660-5-0x00000000055C0000-0x00000000055D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3660-6-0x00000000056F0000-0x00000000057FA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3660-7-0x00000000745B0000-0x0000000074D60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3660-8-0x00000000063A0000-0x00000000063DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3660-9-0x00000000063E0000-0x000000000642C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3660-10-0x0000000006730000-0x00000000068F2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3660-11-0x0000000006E30000-0x000000000735C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3660-12-0x0000000007910000-0x0000000007EB4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3660-13-0x0000000006B40000-0x0000000006BD2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3660-14-0x0000000006980000-0x00000000069F6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3660-15-0x0000000006900000-0x000000000691E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3660-16-0x0000000006CE0000-0x0000000006D30000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3660-17-0x00000000745BE000-0x00000000745BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3660-18-0x00000000745B0000-0x0000000074D60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3660-20-0x00000000745B0000-0x0000000074D60000-memory.dmp

    Filesize

    7.7MB

    Download