Analysis
-
max time kernel
132s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
14-07-2022 01:32
Behavioral task
behavioral1
Sample
48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe
Resource
win10v2004-20220414-en
General
-
Target
48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe
-
Size
96KB
-
MD5
fa17295c47a1f3cac859f03ebdf57642
-
SHA1
f891d02d000eeef76e43b382d3e6cb5d2d46f4ea
-
SHA256
48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47
-
SHA512
a98de3ee3c02a6f3961870cc273125798c5c92a81a3d6e5e381e9b8c3db034c390ea3b869ed1a2226dce49987d38a02ebd05827709975d4f33500e3b17a2d811
Malware Config
Extracted
redline
@Lampikkk
87.251.71.226:2997
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1708-54-0x0000000001240000-0x000000000125C000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exedescription pid process Token: SeDebugPrivilege 1708 48e43a3420b900e5f2cadf7a6c43eac594c3fac1a753ce80b58367920d36fa47.exe