Overview

overview

10

Static

static

10

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    459KB

  • MD5

    61bdd7d8b26bcaa0ee44344350fec5a9

  • SHA1

    9b3ec3b59351190256b14f897c47f79046e834a0

  • SHA256

    954c4f252f74dfba36e41d70ccbb0fdee14ced81de5d1633114c92175ca90640

  • SHA512

    6355cb36c664bd8f24f5eab9024cb30ee48f4f2bd48aa31cf0a5d4627f3c5decc2dfbfae6fdc19e9f1935497d5410c05d4560ed561feb877f9ef06cac25871d6

  • SSDEEP

    6144:t5x6BcfQjw35PH3cUWa2qnBDNnwbA+p4pN4v7EaSxbxF+AIGGpDwvRtfNj6:Px6B105PcDaznBBnwHqePSxbxs3

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1060-0-0x0000000073F9E000-0x0000000073F9F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1060-1-0x00000000009C0000-0x0000000000A38000-memory.dmp
    Filesize

    480KB

    Download
  • memory/1060-2-0x00000000059B0000-0x0000000005F54000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1060-3-0x0000000073F90000-0x0000000074740000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/1060-4-0x00000000054A0000-0x0000000005532000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1060-5-0x0000000005830000-0x000000000583A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1060-6-0x0000000008D80000-0x0000000009398000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/1060-7-0x00000000089A0000-0x0000000008AAA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1060-8-0x00000000088E0000-0x00000000088F2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1060-9-0x0000000008940000-0x000000000897C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/1060-10-0x0000000008AB0000-0x0000000008AFC000-memory.dmp
    Filesize

    304KB

    Download
  • memory/1060-11-0x0000000073F9E000-0x0000000073F9F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1060-12-0x0000000073F90000-0x0000000074740000-memory.dmp
    Filesize

    7.7MB

    Download