Analysis
max time kernel: 21s
max time network: 104s
platform: windows10_x64
resource: win10v20201028
submitted: 20-03-2021 08:23
Static task: static1
Behavioral task: behavioral1 (Sample: 914f0131854c868ce96f1dbeebcd8edd.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: 914f0131854c868ce96f1dbeebcd8edd.exe, Resource: win10v20201028)
General
Target: 914f0131854c868ce96f1dbeebcd8edd.exe
Size: 287KB
MD5: 914f0131854c868ce96f1dbeebcd8edd
SHA1: 3dae201dfbe0155bfaa2ebdb0324f8938537a61a
SHA256: 807e65fc407c3d9f024b10e8cfb20c2e10ad067aa217fe97ec1b075c24dbc936
SHA512: 720fab9db81b5dae8de9528f68747b2ba4495b53388e53558663d85a6eb1a261dc34dd98032f6a20e3b90e723d1bc177ea772724961caafe5ab7d21308343522
Malware Config
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid 1144, process 914f0131854c868ce96f1dbeebcd8edd.exe
pid 1144, process 914f0131854c868ce96f1dbeebcd8edd.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description Token: SeDebugPrivilege, pid 1144, process 914f0131854c868ce96f1dbeebcd8edd.exe