Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
05-05-2021 11:16
General
-
Target
89562D324385EB107254B8AF6379426B.exe
-
Size
87KB
-
MD5
89562d324385eb107254b8af6379426b
-
SHA1
bcf7675f164f85d85092cd2c9fe2085aebbcbe7d
-
SHA256
5312f25b2ddb5ca623a0b4aa73a43af58c217646afacf4dbd2995dacafa80c77
-
SHA512
c8cd7250cb24932023d9cd49f56d9c626115aa5c01fce29382aff02fe2f3c21598db3eeea185addd78acfe645649b125118b4f54f5414611dbd674227fc0083b
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\89562D324385EB107254B8AF6379426B.exe"C:\Users\Admin\AppData\Local\Temp\89562D324385EB107254B8AF6379426B.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/368-59-0x0000000000B60000-0x0000000000B61000-memory.dmpFilesize
4KB
-
memory/368-61-0x0000000004D40000-0x0000000004D41000-memory.dmpFilesize
4KB