Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
14-07-2023 23:06
Static task
static1
Behavioral task
behavioral1
Sample
e79c13a28916ebea69f02e12964f9a8c.exe
Resource
win7-20230712-en
General
-
Target
e79c13a28916ebea69f02e12964f9a8c.exe
-
Size
243KB
-
MD5
e79c13a28916ebea69f02e12964f9a8c
-
SHA1
b0a0b11f5c02aacf78cf85efcfc1b2848eec22ea
-
SHA256
5811521cf05b04befec57554827f8426ea8743bcca3c7838872d1f58e4149cbb
-
SHA512
791e585ff93f5f4b67897dca917c810a8ff793644be9e6a821e70f69c85ad2aeacc8f4b08e63b04cdf81eaf500ce7dd40795e540208a69ed2e7e96324f92f90c
-
SSDEEP
3072:XbGjTL3+5Pe2qFaguU9VoB90V7hEqzKwRxztCFtzr8OLbwANmz8Py5wiQ:sL3ce2qdDVy27wwR/CDrbb1mz8P3Z
Malware Config
Extracted
redline
LogsDiller Cloud (Telegram: @logsdillabot)
147.135.165.22:17748
-
auth_value
c2955ed3813a798683a185a82e949f88
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2256 e79c13a28916ebea69f02e12964f9a8c.exe 2256 e79c13a28916ebea69f02e12964f9a8c.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2256 e79c13a28916ebea69f02e12964f9a8c.exe