Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
22-07-2023 07:45
Static task
static1
Behavioral task
behavioral1
Sample
Moon Hack.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Moon Hack.exe
Resource
win10v2004-20230703-en
General
-
Target
Moon Hack.exe
-
Size
1.3MB
-
MD5
b86d575cfbadc3aa88339316d0ede439
-
SHA1
7aa793a0998635397aab3df0f9b3e767c31364f8
-
SHA256
3b50875fcaf6c7b025b28174263cf78534749de54982fc52b296010ce838a7a2
-
SHA512
1b4a4ec20d0954f0f2d4d98de8b051e6ee7da315648d5e45ab2f24690dc3d97ec7543d8afb53c3df3833490e23023724caf66eec909b55e84747d89268c96927
-
SSDEEP
24576:0UW4INa580xo0GWFG4jQ1llLNhDaQV8VY8Rt3Z9ws:0Uz9O0xrGWFpQ1jLNhDaQWVY8Rt3Z9h
Malware Config
Extracted
redline
@dsfawderwe4128776rafsafsa
94.142.138.4:80
-
auth_value
0b59c02d0b9ebe415e380c8824e6b419
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1756 Moon Hack.exe 1756 Moon Hack.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1756 Moon Hack.exe