Analysis
-
max time kernel
46s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
17-09-2022 09:01
Behavioral task
behavioral1
Sample
bb47a6aaec9257b7cec0752bf08fdd90.exe
Resource
win7-20220812-en
General
-
Target
bb47a6aaec9257b7cec0752bf08fdd90.exe
-
Size
90KB
-
MD5
bb47a6aaec9257b7cec0752bf08fdd90
-
SHA1
3593fffd1543e6b74327c952a2fa04df4729e979
-
SHA256
427c8ca8a1406016d3f740e423a7f8a1dbcfdc58fe2732f91cd0ba9c4f335788
-
SHA512
db77e790c817d461779da7bc27e8608d3beaa9a75f0715b5fb09554f059c58ffc4a6027d24bc61bdd76b63785ed801393f79ae7145ff18d33248d2cf0e7c7e46
-
SSDEEP
1536:jWJw10zWK3hFxHuLhHVA9jvVuqdJIAw4br+JjCDf0YS15/DdzcGAm:aJNFxHchHV4TlPKCDfbS15/pzce
Malware Config
Extracted
redline
4
46.3.199.169:33511
-
auth_value
2969679b955ddf3bae375e17e0832e37
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
bb47a6aaec9257b7cec0752bf08fdd90.exepid process 1996 bb47a6aaec9257b7cec0752bf08fdd90.exe 1996 bb47a6aaec9257b7cec0752bf08fdd90.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
bb47a6aaec9257b7cec0752bf08fdd90.exedescription pid process Token: SeDebugPrivilege 1996 bb47a6aaec9257b7cec0752bf08fdd90.exe