Analysis
-
max time kernel
117s -
max time network
124s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
24-10-2021 13:31
Static task
static1
Behavioral task
behavioral1
Sample
1954eb49f231c2a70291889f5b12331953adf76f1e417.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
1954eb49f231c2a70291889f5b12331953adf76f1e417.exe
Resource
win10-en-20211014
General
-
Target
1954eb49f231c2a70291889f5b12331953adf76f1e417.exe
-
Size
407KB
-
MD5
f65bef156e7fe9ad83b9bf3936fb53b9
-
SHA1
51a9ce72d9f222ec08ca7b99e2bd724ea567db16
-
SHA256
1954eb49f231c2a70291889f5b12331953adf76f1e4179c87b7b9cd871079d28
-
SHA512
fbbe57102523d44d65488a37661e023a55a9764f482fa99af023e38fc736b1aafdbd42fe194ef141f805f76e293d641979bd4ac302be889ac4c83df45a7e8352
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral2/memory/4396-118-0x0000000002EA0000-0x0000000002EBC000-memory.dmp family_redline behavioral2/memory/4396-123-0x0000000003120000-0x000000000313B000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1954eb49f231c2a70291889f5b12331953adf76f1e417.exedescription pid process Token: SeDebugPrivilege 4396 1954eb49f231c2a70291889f5b12331953adf76f1e417.exe