Analysis
-
max time kernel
25s -
max time network
23s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
02-05-2021 14:02
Static task
static1
Behavioral task
behavioral1
Sample
a62c5a454bd3521279f0fa4c7f1a4d65.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
a62c5a454bd3521279f0fa4c7f1a4d65.exe
Resource
win10v20210410
General
-
Target
a62c5a454bd3521279f0fa4c7f1a4d65.exe
-
Size
92KB
-
MD5
a62c5a454bd3521279f0fa4c7f1a4d65
-
SHA1
e6f947f2fdd3e098a2430d8f7ff16f715ad22325
-
SHA256
02dc6be1236619f66bc7dc620221572065a1bc78169c663541522baaa96713b5
-
SHA512
5f4d1b0ddfe7b6f8eed381e6998b555c7cb80a3029d0e1f273380ace325412a6cbe45f3b0e50e565b7a6fd10d86fc75b4993b3cd0b2bec607e7731a87015f777
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
a62c5a454bd3521279f0fa4c7f1a4d65.exepid process 1672 a62c5a454bd3521279f0fa4c7f1a4d65.exe 1672 a62c5a454bd3521279f0fa4c7f1a4d65.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
a62c5a454bd3521279f0fa4c7f1a4d65.exedescription pid process Token: SeDebugPrivilege 1672 a62c5a454bd3521279f0fa4c7f1a4d65.exe