Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
05-05-2021 11:16
Behavioral task
behavioral1
Sample
89562D324385EB107254B8AF6379426B.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
89562D324385EB107254B8AF6379426B.exe
Resource
win10v20210410
General
-
Target
89562D324385EB107254B8AF6379426B.exe
-
Size
87KB
-
MD5
89562d324385eb107254b8af6379426b
-
SHA1
bcf7675f164f85d85092cd2c9fe2085aebbcbe7d
-
SHA256
5312f25b2ddb5ca623a0b4aa73a43af58c217646afacf4dbd2995dacafa80c77
-
SHA512
c8cd7250cb24932023d9cd49f56d9c626115aa5c01fce29382aff02fe2f3c21598db3eeea185addd78acfe645649b125118b4f54f5414611dbd674227fc0083b
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
89562D324385EB107254B8AF6379426B.exepid process 368 89562D324385EB107254B8AF6379426B.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
89562D324385EB107254B8AF6379426B.exedescription pid process Token: SeDebugPrivilege 368 89562D324385EB107254B8AF6379426B.exe