Analysis
-
max time kernel
28s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
08-06-2023 09:32
Behavioral task
behavioral1
Sample
0x000300000000073b-171.exe
Resource
win7-20230220-en
General
-
Target
0x000300000000073b-171.exe
-
Size
172KB
-
MD5
0ffc748b85791434c23debce6399b3db
-
SHA1
be3f357bb22b535d8844a57f24db4bad3393543a
-
SHA256
169d08f7e20ee482eb9d58e5aff2d0fd98141305de520a800cdee446cf0679a9
-
SHA512
b2243f30f271b83d80fece19a6ad7e25469e45dfed800dd30d412a5e6cfe7a3cc0b4c6e710e10331fb6a29c064198e9715569d4c2794ebc0b955e686bf0e2673
-
SSDEEP
3072:Ea/jxl3pym/cbcryE2vs0xNQm2f9JiIE/ww8e8h1:EaNcwuqbdniIE/ww
Malware Config
Extracted
redline
maxi
83.97.73.129:19068
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0x000300000000073b-171.exepid process 2024 0x000300000000073b-171.exe 2024 0x000300000000073b-171.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0x000300000000073b-171.exedescription pid process Token: SeDebugPrivilege 2024 0x000300000000073b-171.exe