Analysis
-
max time kernel
19s -
max time network
53s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
17-08-2021 10:34
Static task
static1
Behavioral task
behavioral1
Sample
2093d467e65e9dbad2a55577d9f8d396.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
2093d467e65e9dbad2a55577d9f8d396.exe
Resource
win10v20210410
General
-
Target
2093d467e65e9dbad2a55577d9f8d396.exe
-
Size
100KB
-
MD5
2093d467e65e9dbad2a55577d9f8d396
-
SHA1
c1e80273574c80a82b90d021212d784c7a90ee4a
-
SHA256
3de11e9ba2b8db6be4069506a95bc31250d8ae8d0df5e8fec66121a05f1ccbc6
-
SHA512
b2a394cb9f444b14114d976745f2b36301a2b17954963fb8c54f384d9c069bfea5c05f2840f733d0a6eee12d643e02a4fe19eefa64195b73a32e5d53e9cbb920
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
2093d467e65e9dbad2a55577d9f8d396.exepid process 1644 2093d467e65e9dbad2a55577d9f8d396.exe 1644 2093d467e65e9dbad2a55577d9f8d396.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
2093d467e65e9dbad2a55577d9f8d396.exedescription pid process Token: SeDebugPrivilege 1644 2093d467e65e9dbad2a55577d9f8d396.exe