Analysis
-
max time kernel
28s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
26-05-2023 10:47
Behavioral task
behavioral1
Sample
0x000600000001aecd-146.exe
Resource
win7-20230220-en
General
-
Target
0x000600000001aecd-146.exe
-
Size
145KB
-
MD5
2d406e63582072640e5463b1675c9ce1
-
SHA1
a166cacffe48a4e2040ef440d128f5f7638eb03d
-
SHA256
47f084d61e29c5928d3df746d6d5c9f619813644a3660abb2f3db6d9a3213c9a
-
SHA512
7024e5acf529cb6dd16f5337e94a63a5a046d8ad71bda88b4f9dfc0f481cf5cfd71fce55e778aa0182c21002d84bb72762d3384c49dbb9d78bd78d5a4021b13a
-
SSDEEP
3072:yV+m5crQmRSR38/OxTH25OjNkphoZR8e8h5:yjCZMgekphoL
Malware Config
Extracted
redline
disa
83.97.73.122:19062
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0x000600000001aecd-146.exepid process 1204 0x000600000001aecd-146.exe 1204 0x000600000001aecd-146.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0x000600000001aecd-146.exedescription pid process Token: SeDebugPrivilege 1204 0x000600000001aecd-146.exe