Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
12-06-2023 22:32
Static task
static1
Behavioral task
behavioral1
Sample
i5274199.exe
Resource
win7-20230220-en
General
-
Target
i5274199.exe
-
Size
255KB
-
MD5
237f21cf70ee646ba45ef8f25567e376
-
SHA1
1c2c8f4ddc0b7065b1b250fc2b6e0d7d102238b0
-
SHA256
79f08c4fd32a89c0d00a0f74669421fa36a7e1dab0fe8ccdb614fafa34cb246b
-
SHA512
f797418469d79c4c7b4b05bf41bc702e0d1a432dfb8fc2088ebc5ebab3277322af7fc8cf881077b1ad38d9fc8c123a0df270d913f969888b74d48af8d0a63fdb
-
SSDEEP
3072:vMiBIHozcM2o5/rmRviNhLI1fbCeOYTpL6GXraZKegBc4054fxvwXZBa:vMCI22OmqTMraEeFnqCZBa
Malware Config
Extracted
redline
boris
83.97.73.129:19068
-
auth_value
205e4fccc0f8c7da1d56fb1da4ac5e6a
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
i5274199.exepid process 1180 i5274199.exe 1180 i5274199.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
i5274199.exedescription pid process Token: SeDebugPrivilege 1180 i5274199.exe