Overview

overview

10

Static

static

3

a81972d22b...3N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2024 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a81972d22bbec6d5d7a194144907b7af3582920740dd262e75ad2f1498778f33N.exe

  • Size

    583KB

  • MD5

    763f94bb2d757bfb041fa56f6844ed20

  • SHA1

    ecaa536a49f57cfa3f4abbe167cd8c3301c6d2d7

  • SHA256

    a81972d22bbec6d5d7a194144907b7af3582920740dd262e75ad2f1498778f33

  • SHA512

    7e24d57735e15a68ebed02ceaab485b588d968ea788470fc7603a1f57a537c18acd48884fd9add42b28ff6d789b4248adbc4c12dedc796161d229a7c3f1f7173

  • SSDEEP

    12288:8MrOy9033s5s9CRNv5HjbmclwkLwKi5cBWDmAmX74kN:SyKc5s9Ov5Hjbpfi5jmJVN

Score
10/10
redlineronamdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a81972d22bbec6d5d7a194144907b7af3582920740dd262e75ad2f1498778f33N.exe
    "C:\Users\Admin\AppData\Local\Temp\a81972d22bbec6d5d7a194144907b7af3582920740dd262e75ad2f1498778f33N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nbK36VY20.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nbK36VY20.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\evq49tF.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\evq49tF.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nbK36VY20.exe
    Filesize

    439KB

    MD5

    93d7995a7a8e36c5cb4e1c5dbb79b85d

    SHA1

    54ee45b6d665d2fd4d6a3ac90fdb328db961e93b

    SHA256

    f27d60940eae68cd1f2654da255d579e423214f6c58e8c49e5f8fb88a1527e88

    SHA512

    5eba5b9fc4e7f8d91fea29320d26a02d3e5bff1f6aa07f02f5145aa529aaad619cc696b5667e0ef0ac650a8c0ed96b9bec4bba30b34ee6d64ceabcc1bbdeb177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\evq49tF.exe
    Filesize

    302KB

    MD5

    3ae325b7e23ade83ec4a82f60599bbd2

    SHA1

    5dc22cc013fc250e419ac826ef7cb1fcb3728ef5

    SHA256

    271a51784a7210356ba70dfd7e82d0c7c46316b6911925e1e6c955d5b3ecaa74

    SHA512

    a10c5bc435513e0583d9e5227347e1e62a5b1a6a25116f3a609b8d93d797c402ecc88041156f337b66ead158d9fe1a0000b71c1f114efd14c95d28cc26e026d3

    Download Submit

  • memory/2316-15-0x0000000000820000-0x0000000000920000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2316-16-0x0000000000750000-0x000000000079B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2316-17-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2316-18-0x0000000000400000-0x000000000062C000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2316-19-0x0000000004C90000-0x0000000004CD6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2316-20-0x0000000004D30000-0x00000000052D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2316-21-0x0000000005300000-0x0000000005344000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2316-23-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-63-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-85-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-83-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-81-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-79-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-77-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-75-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-73-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-71-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-69-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-67-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-61-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-59-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-57-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-55-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-53-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-51-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-49-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-47-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-45-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-43-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-41-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-39-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-37-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-35-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-33-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-31-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-29-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-27-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-25-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-65-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-22-0x0000000005300000-0x000000000533E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2316-928-0x00000000053A0000-0x00000000059B8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2316-929-0x0000000005A40000-0x0000000005B4A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2316-930-0x0000000005B80000-0x0000000005B92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2316-931-0x0000000005BA0000-0x0000000005BDC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2316-932-0x0000000005CF0000-0x0000000005D3C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2316-933-0x0000000000820000-0x0000000000920000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2316-934-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download