Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
30-05-2023 08:20
Behavioral task
behavioral1
Sample
0x000800000001231b-94.exe
Resource
win7-20230220-en
General
-
Target
0x000800000001231b-94.exe
-
Size
168KB
-
MD5
57467423c3293e40a87a29e175f9ec0d
-
SHA1
9ce796733af191dda6492f804e7c245318f93c4b
-
SHA256
2eb50b7e30743074c7209ba5273f5dcddd76bfe3bc841182d2712e49e5c9ba53
-
SHA512
e965c6bf7e3b004f524d33d1981e858ffb52e21790219331ea44717d7aaf702204a066417bfded74675649b35e0702f225847b00835e95000c77af30ce85c2a3
-
SSDEEP
3072:VhiT18W0w+HghB4zEqVUcOdb81rb/Dx8e8hV:VhW0ZBEbTdurb/Dx
Malware Config
Extracted
redline
lizsa
83.97.73.127:19045
-
auth_value
44b0b71b36e78465dbdebb4ecfb78b77
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0x000800000001231b-94.exepid process 1740 0x000800000001231b-94.exe 1740 0x000800000001231b-94.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0x000800000001231b-94.exedescription pid process Token: SeDebugPrivilege 1740 0x000800000001231b-94.exe