Analysis
-
max time kernel
26s -
max time network
110s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
13-02-2021 11:30
Static task
static1
Behavioral task
behavioral1
Sample
C637.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
C637.exe
Resource
win10v20201028
General
-
Target
C637.exe
-
Size
235KB
-
MD5
f350e12541835a5eee54cf0d5a5aa5f4
-
SHA1
68a33f9ceb9fce762638aea0349f5a8410968262
-
SHA256
4d788f0e1a3be7d6e706fcba03282ae62a0ab8df95014feb9f026bce5ddff089
-
SHA512
aa14ca6d6fac284330ede40c5998b33303da1556d83329e798a3e1ee7531920131816014b0550b98986aeef6f5ecfddb87092f9408dea28d314e7416711a7878
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral2/memory/668-7-0x0000000002610000-0x000000000263E000-memory.dmp family_redline behavioral2/memory/668-12-0x0000000004B90000-0x0000000004BBC000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
C637.exepid process 668 C637.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
C637.exedescription pid process Token: SeDebugPrivilege 668 C637.exe