Analysis
-
max time kernel
22s -
max time network
24s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
05-08-2021 01:51
Behavioral task
behavioral1
Sample
6621C0E6B6A64C9244B3FEA0FD8E662D.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
6621C0E6B6A64C9244B3FEA0FD8E662D.exe
Resource
win10v20210410
General
-
Target
6621C0E6B6A64C9244B3FEA0FD8E662D.exe
-
Size
98KB
-
MD5
6621c0e6b6a64c9244b3fea0fd8e662d
-
SHA1
f9ef8d8b7a6d1ad92971e35d96d36642e18a1f8d
-
SHA256
0ccfbc16ae8b084b8ea6c8585ec8973f78304e18ad0317b51beca03c5c0eb499
-
SHA512
6fd6e7b02bab94f9d23f1d407dd069d72c31819b6823fd8dcf2989bd165dd6b840d44afcaa5b3fd7d2063d36ad83f528b0112aa0c235c980f9387d0260c72589
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
6621C0E6B6A64C9244B3FEA0FD8E662D.exepid process 1824 6621C0E6B6A64C9244B3FEA0FD8E662D.exe 1824 6621C0E6B6A64C9244B3FEA0FD8E662D.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
6621C0E6B6A64C9244B3FEA0FD8E662D.exedescription pid process Token: SeDebugPrivilege 1824 6621C0E6B6A64C9244B3FEA0FD8E662D.exe