Analysis
-
max time kernel
30s -
max time network
67s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
31-03-2021 12:51
Static task
static1
Behavioral task
behavioral1
Sample
483dfb5d1e3d6a2da44d470459421a38.exe
Resource
win7v20201028
General
-
Target
483dfb5d1e3d6a2da44d470459421a38.exe
-
Size
353KB
-
MD5
483dfb5d1e3d6a2da44d470459421a38
-
SHA1
8980996a8ff96f53eec4098e44145f8eb7cfaf26
-
SHA256
763523c1b4a8e9aa4583af76c6706ccac9df72244a3b8fc70ac81f864bcf7ed9
-
SHA512
222083e593404936edc5e4c436df7cf1826911d3d781022a3f938c390e600b27584ad548f02d3e3425aa1e9e72929fecd67ba9c7a81f178ecb09f524c92bcac9
Malware Config
Extracted
redline
vavilon
152.228.146.168:57727
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1404 483dfb5d1e3d6a2da44d470459421a38.exe 1404 483dfb5d1e3d6a2da44d470459421a38.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1404 483dfb5d1e3d6a2da44d470459421a38.exe