Analysis
-
max time kernel
32s -
max time network
30s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
02-03-2021 11:00
Static task
static1
Behavioral task
behavioral1
Sample
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe
Resource
win10v20201028
General
-
Target
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe
-
Size
264KB
-
MD5
d792480ae0bbc67057909ec1408df18b
-
SHA1
5f695a77b254625106dd5b86ff515561fa1ddc60
-
SHA256
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f
-
SHA512
2f852d0d04a50d2b466c3a424b4df7ebadcb51c3c57709a0aedd5ef9bdd02e2cb268dc0cbe0f21c3b79bc27b9a84cae76c68d3a5d67efdf10566f5427fc8c9cb
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exepid process 1752 06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe 1752 06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exedescription pid process Token: SeDebugPrivilege 1752 06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe"C:\Users\Admin\AppData\Local\Temp\06b5b218144e07d2a4239c970c1325f824b6a94101fb3ce4ac9269b7de58999f.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken