Analysis
-
max time kernel
110s -
max time network
124s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
26-01-2022 10:41
Static task
static1
Behavioral task
behavioral1
Sample
928e275860e9c07e7514c31880bb6561.exe
Resource
win7-en-20211208
General
-
Target
928e275860e9c07e7514c31880bb6561.exe
-
Size
443KB
-
MD5
928e275860e9c07e7514c31880bb6561
-
SHA1
25d6ea860b9bc71eda50ce7df06127a2431cebf4
-
SHA256
d5d3955dafe311670cc04160848219c88dfefb3b24ffad57c4def516d9cf8cb3
-
SHA512
9ddc12cffc5f96df40d18921905c3fc095197b63274fd9a0320e8e481484c5cf2b589fb6b0d4ba674f99f46a4aedb19f431f272b57a63a5624fd30778ef6aa6d
Malware Config
Extracted
redline
noname
185.215.113.29:20819
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
Processes:
resource yara_rule behavioral2/memory/3552-115-0x0000000002320000-0x0000000002354000-memory.dmp family_redline behavioral2/memory/3552-121-0x0000000002730000-0x0000000002762000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
928e275860e9c07e7514c31880bb6561.exedescription pid process Token: SeDebugPrivilege 3552 928e275860e9c07e7514c31880bb6561.exe