Analysis
-
max time kernel
4294180s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
12-04-2022 19:02
Static task
static1
Behavioral task
behavioral1
Sample
115cc65e91a90be872ac728e0e377d86.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
115cc65e91a90be872ac728e0e377d86.exe
Resource
win10v2004-20220331-en
General
-
Target
115cc65e91a90be872ac728e0e377d86.exe
-
Size
363KB
-
MD5
115cc65e91a90be872ac728e0e377d86
-
SHA1
f975b56f9b3edcfe318e889a33ef24031cc26570
-
SHA256
8930f6f934a64dcf090b74709b4ea5863559adf17ac180cca74eaa06d7e1c22d
-
SHA512
de399be5769dbfeb51b0abff35e6e67b5ef59a81b335918cf1ee701c907c0e476b7f067f7646b4ab71e6b01cc071773ef94f3d2d01141b67959c356cf4ddca9f
Malware Config
Extracted
redline
50
193.106.191.153:23196
-
auth_value
8735fcb130c82dd9d353478678d60bde
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1748 115cc65e91a90be872ac728e0e377d86.exe 1748 115cc65e91a90be872ac728e0e377d86.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1748 115cc65e91a90be872ac728e0e377d86.exe