Analysis
-
max time kernel
39s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
29-12-2022 09:56
Behavioral task
behavioral1
Sample
f2021905fccfb19a7bf42d92361cc9a1.exe
Resource
win7-20220812-en
General
-
Target
f2021905fccfb19a7bf42d92361cc9a1.exe
-
Size
175KB
-
MD5
f2021905fccfb19a7bf42d92361cc9a1
-
SHA1
00bdae4de3daf0d8af6735c5c480079940dda9e1
-
SHA256
a7b2814efdf0b1f62accf5214afda7866bf5a2d35056f2fd759bc0d85a291c71
-
SHA512
7f0dfc8638b0bdfc928ab43ad10c933747b68685e0c7780dc361a5df08322c90c72eef174f65eecfaf6d9f387b71afdf60222cc192141ececa4789cca5bd3737
-
SSDEEP
3072:J9xqZWBJaHEDgXQn79HuUUoeqQF7hBbxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUwm:JHqZVyJRUZ7h
Malware Config
Extracted
redline
sport
31.41.244.98:4063
-
auth_value
82cce55eeb56b322651e98032c09d225
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 784 f2021905fccfb19a7bf42d92361cc9a1.exe 784 f2021905fccfb19a7bf42d92361cc9a1.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 784 f2021905fccfb19a7bf42d92361cc9a1.exe