Analysis
-
max time kernel
25s -
max time network
67s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
05-02-2021 19:21
Static task
static1
Behavioral task
behavioral1
Sample
4e622ee626caec7497e89442eeae4083.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
4e622ee626caec7497e89442eeae4083.exe
Resource
win10v20201028
General
-
Target
4e622ee626caec7497e89442eeae4083.exe
-
Size
235KB
-
MD5
4e622ee626caec7497e89442eeae4083
-
SHA1
39958ce2a0e9c43506a3b796ae7dd94e5317e430
-
SHA256
c4b04c108c2308b1bb0558cf3de4fc2b1357a8c112d7bc38c228874000b8a4bd
-
SHA512
0fbc24f6a3daef01e35dd63b3539b586f483aec8a79e02d8e17001869f73fcd6328787b241549a0ed40c6338b3fff35e6d6af4987699b114bfe59017f485fd88
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral2/memory/828-7-0x00000000075F0000-0x000000000761C000-memory.dmp family_redline behavioral2/memory/828-12-0x0000000007660000-0x000000000768A000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
4e622ee626caec7497e89442eeae4083.exepid process 828 4e622ee626caec7497e89442eeae4083.exe 828 4e622ee626caec7497e89442eeae4083.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
4e622ee626caec7497e89442eeae4083.exedescription pid process Token: SeDebugPrivilege 828 4e622ee626caec7497e89442eeae4083.exe