Analysis
-
max time kernel
31s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
15-05-2023 08:24
Behavioral task
behavioral1
Sample
0x0006000000014232-117.exe
Resource
win7-20230220-en
General
-
Target
0x0006000000014232-117.exe
-
Size
145KB
-
MD5
44de146a09ecfabd3d3a2e86f1693f0e
-
SHA1
61f16b72b1d0c9ff83248af72b7189e269f81e26
-
SHA256
2de4fc0c2c35a091aa10d0a26d711cf8b6a1d95325ea0d11fb1064d6c89aaf34
-
SHA512
f9b721c2999eb2ee3f33b807a0bf895a1aecbaa2988683fdd5057e5848bc866ca322e7068d4576cbb9f4510d8cffcdd2916b7e0d783738e184a5d4dcc5aa1e2a
-
SSDEEP
3072:5V+m5cVQmRSxIEN1MjdVti90hSZ18e8h4:5j49k90hSP
Malware Config
Extracted
redline
larry
185.161.248.75:4132
-
auth_value
9039557bb7a08f5f2f60e2b71e1dee0e
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0x0006000000014232-117.exepid process 1048 0x0006000000014232-117.exe 1048 0x0006000000014232-117.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0x0006000000014232-117.exedescription pid process Token: SeDebugPrivilege 1048 0x0006000000014232-117.exe