Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
16-01-2021 07:30
Static task
static1
Behavioral task
behavioral1
Sample
1c7b5feef64697929d2b89c6e53e1642.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
1c7b5feef64697929d2b89c6e53e1642.exe
Resource
win10v20201028
General
-
Target
1c7b5feef64697929d2b89c6e53e1642.exe
-
Size
352KB
-
MD5
1c7b5feef64697929d2b89c6e53e1642
-
SHA1
3188662f3ce00e97131f98c9824c8d26e5086bbb
-
SHA256
521bbb71dd98cad2946f25016fe0eb27ce076423b09819abc5dd09d24939a769
-
SHA512
0e76a0478a865305166f09d619f9fe95a07a54d1e591824f7b5ffd7726179b873104dcca281ae7ac10f1bc1ac18fffeebb45daaa4e4d73ebde6757a9031bfaf7
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
resource yara_rule behavioral1/memory/1036-6-0x00000000046C0000-0x00000000046E9000-memory.dmp family_redline behavioral1/memory/1036-7-0x0000000004700000-0x0000000004727000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1036 1c7b5feef64697929d2b89c6e53e1642.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1036 1c7b5feef64697929d2b89c6e53e1642.exe