Analysis
Max time kernel: 31s
Max time network: 33s
Platform: windows7_x64
Resource: win7-20230220-en
Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
Submitted: 12-06-2023 22:32
Static task: static1
Behavioral task: behavioral1
Sample: n4524297.exe
Resource: win7-20230220-en
General
Target: n4524297.exe
Size: 255KB
MD5: 5ba02be58f756c893ea27416ca4eb90d
SHA1: ee848cd893e07d967c849e5f8600e246f81c3fc9
SHA256: 9e60f719f6c1ae293ad593dc093e5872bc1a7df340a54527e7a1c9186ad66712
SHA512: 3c4670a3287531cc762ee270734a1ff967471b0dec146bcb87ddb4c0a80ee696b73ee87795c21f127d93f124972c114ec401677ec9165621c1388202503e97af
SSDEEP: 3072:vMiBIHozcM2o5/rmRviNhLI1fbCeOYTpL6GXraZKegBc4054fxvwXZB:vMCI22OmqTMraEeFnqCZB
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 83.97.73.129:19068
Attributes
auth_value: 205e4fccc0f8c7da1d56fb1da4ac5e6a
Signatures

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid   process
    916   n4524297.exe
    916   n4524297.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description               pid   process
    Token: SeDebugPrivilege   916   n4524297.exe