Analysis
-
max time kernel
128s -
max time network
176s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
01/05/2023, 20:11
Behavioral task
behavioral1
Sample
stub.exe
Resource
win7-20230220-en
General
-
Target
stub.exe
-
Size
66KB
-
MD5
c80f44f67aa862099f67866a26e84253
-
SHA1
e55c67dc7a05b0a1a32c30b66431642c075e6724
-
SHA256
cd279fe4806f1925c2985f4a3f4a0052b140e85ffad9a2e46b27f8ff2cd99baa
-
SHA512
9e609170436eda8479d442d93a29eaef191227c0dd56ed21ac5cac64c6436b57c17e33aac4f3f3d47c04cce41236d6f224bf4e004e65e0470239916fe402ecf0
-
SSDEEP
1536:n2UukvF1tkk/hEYRo2NQphePvUgcKu5UYF17uKRlME0IbpUCY1KwrCrCVx:n2JkvF1tkXKu5UYF17uSyEpbpy46x
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
Default
bahrdevo.endoftheinternet.org:6606
bahrdevo.endoftheinternet.org:7707
bahrdevo.endoftheinternet.org:8808
AsyncMutex_gekPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
-
Detects Redline Stealer samples 1 IoCs
This rule detects the presence of Redline Stealer samples based on their unique strings.
resource yara_rule behavioral2/memory/1160-140-0x0000000006400000-0x0000000006466000-memory.dmp redline_stealer -
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Async RAT payload 1 IoCs
resource yara_rule behavioral2/memory/1160-133-0x0000000000610000-0x0000000000626000-memory.dmp asyncrat -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1160 stub.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1160 stub.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1160 stub.exe