Analysis
-
max time kernel
144s -
max time network
139s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
26-09-2021 20:57
Behavioral task
behavioral1
Sample
RedLine_Stage4.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
General
-
Target
RedLine_Stage4.exe
-
Size
118KB
-
MD5
f0f9a9448f7a0494d9bf6e11694bfce0
-
SHA1
e3d5c8af3b294813b562fead751cc5c2f5c8a51c
-
SHA256
2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19
-
SHA512
6e65ca507544ffe889020f61f1020aac0c3d2569985bb740ecfdbaae1c46ffaa0540dd19ca9a7a07ad31c0a743e5bb49f94cedaf585e2cccd0cecf02b7516f02
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
RedLine_Stage4.exepid process 1128 RedLine_Stage4.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
RedLine_Stage4.exedescription pid process Token: SeDebugPrivilege 1128 RedLine_Stage4.exe