Analysis
-
max time kernel
18s -
max time network
17s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
12-02-2021 19:14
Static task
static1
Behavioral task
behavioral1
Sample
0d1a909e91e6daecfcbc3de24e5959f0.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0d1a909e91e6daecfcbc3de24e5959f0.exe
Resource
win10v20201028
General
-
Target
0d1a909e91e6daecfcbc3de24e5959f0.exe
-
Size
387KB
-
MD5
0d1a909e91e6daecfcbc3de24e5959f0
-
SHA1
893360e275da08741506f4c8d1a7bcce4c2e8950
-
SHA256
ef8dc2b4c4b327b65fa0332afd58c2172f1bac69d6b1d15037cd4878cfdd96df
-
SHA512
19bf465946517e7b95aaf0c5ad51f6909bde4a7b4ac20da98187a82328af137d9bb77e5f2267883273339091c7ee534fc71eaafa9d6a33c926834d52bf8c71ab
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/776-5-0x00000000020D0000-0x00000000020FE000-memory.dmp family_redline behavioral1/memory/776-6-0x0000000004710000-0x000000000473C000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
0d1a909e91e6daecfcbc3de24e5959f0.exepid process 776 0d1a909e91e6daecfcbc3de24e5959f0.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0d1a909e91e6daecfcbc3de24e5959f0.exedescription pid process Token: SeDebugPrivilege 776 0d1a909e91e6daecfcbc3de24e5959f0.exe