Analysis
-
max time kernel
150s -
max time network
92s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
04-06-2021 10:48
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exe
Resource
win10v20210410
General
-
Target
SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exe
-
Size
92KB
-
MD5
b51dff037d329ad3eda0092344075957
-
SHA1
eb488926c64482727e331371dff2aab91527f6e2
-
SHA256
b4068adb43934070338e61f725163bef08368f820485fc3b2ed288608f8c9e8d
-
SHA512
026ac3a8f468d2ca5d458ec78924dd43e90e7cc9b69330994715158814e3798ad751f31b7e698303ace0f00f9bbad208d5969f6441bbb83be5f3745edb972b5f
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exepid process 1948 SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exe 1948 SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exedescription pid process Token: SeDebugPrivilege 1948 SecuriteInfo.com.Trojan.PWS.Stealer.30553.25052.24916.exe