Analysis
-
max time kernel
28s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
15-06-2023 01:39
Behavioral task
behavioral1
Sample
0x0008000000012355-118.exe
Resource
win7-20230220-en
General
-
Target
0x0008000000012355-118.exe
-
Size
172KB
-
MD5
bcf2f1e261b7a3d2d1e1b2a44d40d7ef
-
SHA1
c4427f3fe9d4ad41ce742434592a032ec0acd345
-
SHA256
7a7a4ce0f0424d488bef664e3144260aa4fdfb19fae8ebde6b5f8c5ed7b34b85
-
SHA512
06f53602bd7e889349eb54446ca13c41f8a7687e99f252c553fbb027d26f2406671c914acf7a962226c46cf398e6fbcc62b3151e564b50a9ccfefc3e3887e3a4
-
SSDEEP
1536:skPZ36sv0W7TVOn0urHrj7mZvDZZTwIt1xN9UYQrfbutXN3o0oQo0GkRY8e8hL:skXYz3slZvt1xNZOqG0oQob8e8hL
Malware Config
Extracted
redline
maxi
83.97.73.130:19061
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0x0008000000012355-118.exepid process 824 0x0008000000012355-118.exe 824 0x0008000000012355-118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0x0008000000012355-118.exedescription pid process Token: SeDebugPrivilege 824 0x0008000000012355-118.exe