Analysis
-
max time kernel
23s -
max time network
24s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
12-02-2021 19:26
Static task
static1
Behavioral task
behavioral1
Sample
1019a49684d1fe54d86907d16d1bd90b.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
1019a49684d1fe54d86907d16d1bd90b.exe
Resource
win10v20201028
General
-
Target
1019a49684d1fe54d86907d16d1bd90b.exe
-
Size
387KB
-
MD5
1019a49684d1fe54d86907d16d1bd90b
-
SHA1
9a5089606f1c0eb094635de11f9567228d78e21f
-
SHA256
c434d4da9f9111e836666c93d246f062baa801b1fd098ab670c537353483bad0
-
SHA512
5832b8e7cdc4d677ceba57e771ed117ab191b3c7f6967cf90c5ab3a06cb1b7d647630c49df6bf43a25e06ea6b09329b46fbdd4b7fcca6507b72e7b0d35d3b990
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/324-7-0x0000000001E90000-0x0000000001EBE000-memory.dmp family_redline behavioral1/memory/324-16-0x0000000001FD0000-0x0000000001FFC000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
1019a49684d1fe54d86907d16d1bd90b.exepid process 324 1019a49684d1fe54d86907d16d1bd90b.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1019a49684d1fe54d86907d16d1bd90b.exedescription pid process Token: SeDebugPrivilege 324 1019a49684d1fe54d86907d16d1bd90b.exe