Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
23/07/2023, 05:28
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.RansomX-gen.3899.30061.exe
Resource
win7-20230712-en
General
-
Target
SecuriteInfo.com.Win32.RansomX-gen.3899.30061.exe
-
Size
350KB
-
MD5
a9ca2564b8ba4c5a328adb81bf8f2f67
-
SHA1
5b142fdd633ee1f4819a98a49d6c9867f5638d32
-
SHA256
9ccb84385e5d1d1ed1502fe3e0270f56b5838b5682bbd154ba2700684663d927
-
SHA512
bfcfa2c11af20bbbc01ab11bbb6c00dbe4c4814b09cf1e7aaf0f9831b6ff7d55d5ed38778cbeedbb2753ff3decd6e2fba4529a75677b5b8a2ab79d428868515a
-
SSDEEP
6144:OlncTahBlE2FGKHxkHpBK/ojJqVIWGEirMkipfjZ8VmTEi4/B:Snc+XlE2xGHpAgNqWWG3yp188Ej
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
178.32.90.250:29608
-
auth_value
3a050df92d0cf082b2cdaf87863616be
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2096 SecuriteInfo.com.Win32.RansomX-gen.3899.30061.exe 2096 SecuriteInfo.com.Win32.RansomX-gen.3899.30061.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2096 SecuriteInfo.com.Win32.RansomX-gen.3899.30061.exe