Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    168s
  • max time network
    169s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-06-2024 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adbf66605a6b569b3b4e915ad9cdf271c0889a14fc59b70233b2c966fca1dc93.exe

  • Size

    3.1MB

  • MD5

    d3280c8db77e7d70bc80ad58e875dcf5

  • SHA1

    e344a0bc5e42fba4ee4bd89827b46642481fb67c

  • SHA256

    adbf66605a6b569b3b4e915ad9cdf271c0889a14fc59b70233b2c966fca1dc93

  • SHA512

    3c3bdb76929d39fc83fb244dca15ddf358bc1fa0d447d28c4996c5c389cd411c396b6ca20d0dd64728b6e8ab13591c538cfdc01acc3c62a04793243646c28d2c

  • SSDEEP

    49152:I5cmt/rNUf4GLsBxS+8cY3L0FnpyDLuNblwy:I5c+/osBxnE4npOuNblh

Score
10/10
redlinelogsdiller cloud (tg: @logsdillabot)infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.92:27953

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adbf66605a6b569b3b4e915ad9cdf271c0889a14fc59b70233b2c966fca1dc93.exe
    "C:\Users\Admin\AppData\Local\Temp\adbf66605a6b569b3b4e915ad9cdf271c0889a14fc59b70233b2c966fca1dc93.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2612

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1756-40-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-10-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-2-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1756-3-0x0000000005060000-0x000000000516A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1756-4-0x0000000000900000-0x000000000091C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/1756-5-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-12-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-26-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-54-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-18-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-42-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-64-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-62-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-60-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-58-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-56-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-52-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-50-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-48-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-46-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-45-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-65-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1756-0-0x000000007436E000-0x000000007436F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1756-78-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1756-30-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-34-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-32-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-36-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-28-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-24-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-22-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-21-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-16-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-14-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-1-0x0000000000CC0000-0x0000000000FE2000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1756-8-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-6-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1756-38-0x0000000000900000-0x0000000000915000-memory.dmp
    Filesize

    84KB

    Download
  • memory/2612-67-0x0000000000400000-0x0000000000450000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2612-66-0x0000000000400000-0x0000000000450000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2612-68-0x0000000000400000-0x0000000000450000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2612-69-0x0000000000400000-0x0000000000450000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2612-77-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2612-76-0x0000000000400000-0x0000000000450000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2612-79-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2612-80-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2612-81-0x0000000074360000-0x0000000074A4E000-memory.dmp
    Filesize

    6.9MB

    Download