Overview

overview

10

Static

static

3

github.sof....8.zip

windows10-1703-x64

1

Setup_latest.exe

windows10-1703-x64

10

$PLUGINSDIR/INetC.dll

windows10-1703-x64

3

$PLUGINSDI...ls.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDIR/UAC.dll

windows10-1703-x64

3

$PLUGINSDI...ll.dll

windows10-1703-x64

3

$PLUGINSDI...gs.dll

windows10-1703-x64

3

$PLUGINSDI...ec.dll

windows10-1703-x64

3

$PLUGINSDI...7z.dll

windows10-1703-x64

3

$R0/Uninst...en.exe

windows10-1703-x64

4

Analysis

  • max time kernel
    185s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02-07-2024 00:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_latest.exe

  • Size

    1.4MB

  • MD5

    eb48500860ece87bc7a169118c929fb3

  • SHA1

    bb20b2598d5ac31d36717f316fc733c4f8df9a9c

  • SHA256

    b96862087581adb9ecfb9615a46eedb29d13c606e708b7b532ce6ed3217925a4

  • SHA512

    d595378bdc733b17697a5aa075e78082e863189255594f6c805380e745ea0bd66631bd3d58289f5c4b051c5073b61fe1ad70953ef84d305397b6ecf296789c9c

  • SSDEEP

    24576:ZxgPnpq2yAY1szLSvJwv4ahekPxMB7Du173pG1szLSvJwv4a:EnpNyA9qvCvHOBK73pfqvCv

Score
10/10
redlinereddiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

red

C2

147.45.44.12:13830

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_latest.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_latest.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:900

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/900-0-0x00000000022C0000-0x0000000002310000-memory.dmp
    Filesize

    320KB

    Download
  • memory/900-2-0x00000000022C0000-0x0000000002310000-memory.dmp
    Filesize

    320KB

    Download
  • memory/900-3-0x000000007351E000-0x000000007351F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/900-4-0x0000000004E20000-0x0000000004E70000-memory.dmp
    Filesize

    320KB

    Download
  • memory/900-5-0x0000000073510000-0x0000000073BFE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/900-6-0x0000000005020000-0x000000000551E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/900-7-0x0000000073510000-0x0000000073BFE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/900-8-0x0000000073510000-0x0000000073BFE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/900-9-0x0000000004ED0000-0x0000000004F62000-memory.dmp
    Filesize

    584KB

    Download
  • memory/900-10-0x0000000073510000-0x0000000073BFE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/900-11-0x0000000004FB0000-0x0000000004FBA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/900-12-0x0000000005520000-0x0000000005B26000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/900-13-0x0000000005BA0000-0x0000000005CAA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/900-14-0x0000000005CD0000-0x0000000005CE2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/900-15-0x0000000005CF0000-0x0000000005D2E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/900-16-0x0000000005D60000-0x0000000005DAB000-memory.dmp
    Filesize

    300KB

    Download
  • memory/900-17-0x0000000005FD0000-0x0000000006036000-memory.dmp
    Filesize

    408KB

    Download
  • memory/900-18-0x0000000006450000-0x00000000064A0000-memory.dmp
    Filesize

    320KB

    Download
  • memory/900-19-0x00000000064F0000-0x00000000066B2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/900-20-0x00000000066C0000-0x0000000006BEC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/900-22-0x00000000022C0000-0x0000000002310000-memory.dmp
    Filesize

    320KB

    Download
  • memory/900-24-0x0000000073510000-0x0000000073BFE000-memory.dmp
    Filesize

    6.9MB

    Download