Analysis
-
max time kernel
32s -
max time network
33s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
16-01-2021 07:29
General
-
Target
62a673b9a25cc6b1bb6d7d010e206cc5.exe
-
Size
344KB
-
MD5
62a673b9a25cc6b1bb6d7d010e206cc5
-
SHA1
e0c91f3ff756d9ef92e196a8243a314c8da6367d
-
SHA256
fa123f422564ed8b12034d2fdecbafb53d8df264aa6d0fbfadaddd89c9e5ac5d
-
SHA512
688e9023423a3afc7fded4c255dbb75510a2889c264439b9960afc78932dc5b5bf36899517eb21ddcd855a9f516f82ac4691746c42ff13ba943a617f384ca22a
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62a673b9a25cc6b1bb6d7d010e206cc5.exe"C:\Users\Admin\AppData\Local\Temp\62a673b9a25cc6b1bb6d7d010e206cc5.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
6.9MB
-
Filesize
164KB
-
Filesize
156KB