Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
18-06-2023 09:17
Static task
static1
Behavioral task
behavioral1
Sample
7c402f6df2bf1d64668b3c3188bd296c.exe
Resource
win7-20230220-en
General
-
Target
7c402f6df2bf1d64668b3c3188bd296c.exe
-
Size
336KB
-
MD5
7c402f6df2bf1d64668b3c3188bd296c
-
SHA1
c84fd515d45877f57d36c46f5db757b700e2ee12
-
SHA256
4a509624369002589a8604133012f49600936974f8c21c09feeb24f2773ec0ba
-
SHA512
e7f54d20919a8cc3d6809790ce7f2c7f4e69a6bdd8a6548b9e1abbb5ba0dd7e386dd3be0ee5725e0c29aa2e70719a2a0a92646d8fd7137359e126838269f540f
-
SSDEEP
6144:p95AU6AcOt3vifASt7u3sLXDEKO7QJQmL:pXAZA7tfipLjDfEQJQmL
Malware Config
Extracted
redline
jason
83.97.73.129:19071
-
auth_value
87d1dc01751f148e9bec02edc71c5d94
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
7c402f6df2bf1d64668b3c3188bd296c.exepid process 1676 7c402f6df2bf1d64668b3c3188bd296c.exe 1676 7c402f6df2bf1d64668b3c3188bd296c.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
7c402f6df2bf1d64668b3c3188bd296c.exedescription pid process Token: SeDebugPrivilege 1676 7c402f6df2bf1d64668b3c3188bd296c.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1676-54-0x0000000000400000-0x0000000000453000-memory.dmpFilesize
332KB
-
memory/1676-55-0x0000000000230000-0x0000000000260000-memory.dmpFilesize
192KB
-
memory/1676-59-0x00000000003F0000-0x00000000003F6000-memory.dmpFilesize
24KB
-
memory/1676-60-0x00000000046A0000-0x00000000046E0000-memory.dmpFilesize
256KB