Analysis
-
max time kernel
32s -
max time network
30s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
02-03-2021 11:00
General
-
Target
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe
-
Size
264KB
-
MD5
d792480ae0bbc67057909ec1408df18b
-
SHA1
5f695a77b254625106dd5b86ff515561fa1ddc60
-
SHA256
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f
-
SHA512
2f852d0d04a50d2b466c3a424b4df7ebadcb51c3c57709a0aedd5ef9bdd02e2cb268dc0cbe0f21c3b79bc27b9a84cae76c68d3a5d67efdf10566f5427fc8c9cb
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe"C:\Users\Admin\AppData\Local\Temp\06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1752-2-0x00000000741E0000-0x00000000748CE000-memory.dmpFilesize
6.9MB
-
memory/1752-3-0x00000000010D0000-0x00000000010D1000-memory.dmpFilesize
4KB
-
memory/1752-5-0x0000000000BA0000-0x0000000000BA1000-memory.dmpFilesize
4KB