Analysis
-
max time kernel
125s -
max time network
132s -
platform
windows10-1703_x64 -
resource
win10-20230703-en -
resource tags
arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system -
submitted
06-08-2023 21:15
Static task
static1
Behavioral task
behavioral1
Sample
cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe
Resource
win10-20230703-en
General
-
Target
cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe
-
Size
372KB
-
MD5
2640448dc9db67ddafa948aacbd344f1
-
SHA1
4f394c8da70edc5b7a920dae0fadbba8db8cb339
-
SHA256
cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513
-
SHA512
77635735c11496b4634836e9b223426bdcb4a906f65d316fb72106c58510a0bfee05286ae1fabd753af049c83f48d1dffdb3aa9b957108418e5e337942bf1242
-
SSDEEP
6144:LNosZWbR1wQYrrHCQ+FmyxX+7Hc05SbuxpjITj:RoAW11JTsyxXE8USSNIT
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
51.89.201.49:6932
-
auth_value
3a050df92d0cf082b2cdaf87863616be
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2520 cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe 2520 cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2520 cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe"C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2520