Analysis
-
max time kernel
150s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220715-en -
resource tags
arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system -
submitted
05-08-2022 22:51
Behavioral task
behavioral1
Sample
470ee74f5b7860612c61d973ca12d32b6d8cccb1caf6828d99d79134d6eed9cb.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
470ee74f5b7860612c61d973ca12d32b6d8cccb1caf6828d99d79134d6eed9cb.exe
Resource
win10v2004-20220721-en
General
-
Target
470ee74f5b7860612c61d973ca12d32b6d8cccb1caf6828d99d79134d6eed9cb.exe
-
Size
100KB
-
MD5
72a36d3a94a35cf830b86ff67a34b61b
-
SHA1
d3e60eb1cf0efc15e0cc51a7c1ec3ed7ae872659
-
SHA256
470ee74f5b7860612c61d973ca12d32b6d8cccb1caf6828d99d79134d6eed9cb
-
SHA512
efa84552e665ed95b859f5cd53264421bad8c80ffee5a7639bd47c5f23815eced5d181428c0aae52a49362f6c9028b3a5bcb5f290c1c7b11011ed5c503002180
Malware Config
Extracted
redline
NCanal01
pupdatastart.tech:80
pupdatastart.xyz:80
pupdatastar.store:80
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1672-54-0x0000000000D30000-0x0000000000D4E000-memory.dmp family_redline -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
470ee74f5b7860612c61d973ca12d32b6d8cccb1caf6828d99d79134d6eed9cb.exedescription pid process Token: SeDebugPrivilege 1672 470ee74f5b7860612c61d973ca12d32b6d8cccb1caf6828d99d79134d6eed9cb.exe