Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
29-01-2023 21:24
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
General
-
Target
file.exe
-
Size
175KB
-
MD5
2d0151747adb6fdee710037a405e1b54
-
SHA1
07a5328ee173fc22ef8432d362422c09f30b70bf
-
SHA256
df2d0a6a35f6653c8e5e2e3e8d7184b39c490b0e8b091ad85428aa47165ccbf0
-
SHA512
4cd57d565526b1da86bdf5388376e29053727f391bceb94e8e0470946d2381a9624e5e3ae266bb4cf76d22a1f3933a6b334a98281d866f681d96e88e4bb19212
-
SSDEEP
3072:ExqZWdNaDUSkPupeUaUwxe4q9dhQ3xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jn:aqZUupeLnUdh
Malware Config
Extracted
redline
Meta
170.187.197.210:47271
-
auth_value
01ac374fd5de16cd3ec0cb7fce77600f
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
file.exepid process 1356 file.exe 1356 file.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
file.exedescription pid process Token: SeDebugPrivilege 1356 file.exe