Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
08-08-2023 12:06
Static task
static1
Behavioral task
behavioral1
Sample
9596390fa3510502294f557f423d576f09e965d5e8eb2.exe
Resource
win7-20230712-en
General
-
Target
9596390fa3510502294f557f423d576f09e965d5e8eb2.exe
-
Size
384KB
-
MD5
7392af49870445a1d1c1422e7b10ee76
-
SHA1
9441602aff049020330136fa2e6abdc4810efffc
-
SHA256
9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef
-
SHA512
738a11e17a3f88aa92b09d220dd396b81071d587b9066f5a40291929ea50270a830ba047eb10eff767632f7f968bb6b3c6612bbc321b7c6800b8a5597aed6e0a
-
SSDEEP
6144:p6B3M6wcTtKPfgkGKHeGf3i51k5jTcZu98WL8pZ3Qt1k5G9oa:pkc6w8KHgE+vk5cxMu5Qt14YJ
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
209.250.248.11:33522
-
auth_value
3a050df92d0cf082b2cdaf87863616be
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2584 9596390fa3510502294f557f423d576f09e965d5e8eb2.exe 2584 9596390fa3510502294f557f423d576f09e965d5e8eb2.exe 2584 9596390fa3510502294f557f423d576f09e965d5e8eb2.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2584 9596390fa3510502294f557f423d576f09e965d5e8eb2.exe