Analysis
-
max time kernel
39s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-06-2022 11:45
Behavioral task
behavioral1
Sample
b323d8d6dc81377e0cbf869a6dfdea9b.exe
Resource
win7-20220414-en
General
-
Target
b323d8d6dc81377e0cbf869a6dfdea9b.exe
-
Size
91KB
-
MD5
b323d8d6dc81377e0cbf869a6dfdea9b
-
SHA1
2c6d338551dc326a94f906275a209667779c9202
-
SHA256
a6da5c90d33a9a4eb16cd7d56af7b300d4acf17ae935d84f7287ceb17fdfb4a2
-
SHA512
98db9389e2e96702c44f503a60d19f28a5bacab83f985e8c46eab47a5c93c7f4017f5c8c4019d9307213acd2cc720d5589c1fb16f11ecc90bf2bd64de45ae0e6
Malware Config
Extracted
redline
2
vedolevyle.xyz:80
-
auth_value
9466b2ff70a6bdedf5ecba929746e91c
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
b323d8d6dc81377e0cbf869a6dfdea9b.exepid process 1056 b323d8d6dc81377e0cbf869a6dfdea9b.exe 1056 b323d8d6dc81377e0cbf869a6dfdea9b.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
b323d8d6dc81377e0cbf869a6dfdea9b.exedescription pid process Token: SeDebugPrivilege 1056 b323d8d6dc81377e0cbf869a6dfdea9b.exe