Analysis
-
max time kernel
21s -
max time network
20s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
21-03-2021 10:45
Static task
static1
Behavioral task
behavioral1
Sample
3c46d3c68ed699a71f4f2d2dc3bba980.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
3c46d3c68ed699a71f4f2d2dc3bba980.exe
Resource
win10v20201028
General
-
Target
3c46d3c68ed699a71f4f2d2dc3bba980.exe
-
Size
250KB
-
MD5
3c46d3c68ed699a71f4f2d2dc3bba980
-
SHA1
525b9a3367217f4bebafd2437ead9cb7c0c3ecb7
-
SHA256
35aac4dc4ab85c75852a93a573b654f275e6c1dcaae69cc3176c05271a097750
-
SHA512
4d0ebc550695a48998ce5b7d1b710de95223a149c08bee3f1b34f09c962127f145de3b3833bd51c19d4019b97101afbd98b1816ea4111f4ce52438ec4777bcb7
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
3c46d3c68ed699a71f4f2d2dc3bba980.exepid process 1012 3c46d3c68ed699a71f4f2d2dc3bba980.exe 1012 3c46d3c68ed699a71f4f2d2dc3bba980.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
3c46d3c68ed699a71f4f2d2dc3bba980.exedescription pid process Token: SeDebugPrivilege 1012 3c46d3c68ed699a71f4f2d2dc3bba980.exe