Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
15-08-2023 12:55
Behavioral task
behavioral1
Sample
1748-195-0x0000000003200000-0x0000000003234000-memory.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1748-195-0x0000000003200000-0x0000000003234000-memory.exe
Resource
win10v2004-20230703-en
General
-
Target
1748-195-0x0000000003200000-0x0000000003234000-memory.exe
-
Size
208KB
-
MD5
47de9276b602517beaf6654ada5d6222
-
SHA1
be430edf463db098bd66a126c74e87f6d7a93585
-
SHA256
5c55a9aa0af4e4c56fcb30633d96c65c883a5593bb28abd679269cbe244a029e
-
SHA512
89c031a2a0a0402aea0172ee83d78e69fda4785014b2b73dff21971352f490e3b1aa30a551bf0d1791e942e42953a0c0847c05139deaa37d093a9831a47bfaf6
-
SSDEEP
3072:jzhrmtU/f3YIInGpDvw/1oPYqSaVXr2nhK9w4hxwaD8d8e8hl:5rmtU/gIInG6oAqBVXrmhKZ5e
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
51.83.170.21:19447
-
auth_value
3a050df92d0cf082b2cdaf87863616be
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2596 1748-195-0x0000000003200000-0x0000000003234000-memory.exe 2596 1748-195-0x0000000003200000-0x0000000003234000-memory.exe 2596 1748-195-0x0000000003200000-0x0000000003234000-memory.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2596 1748-195-0x0000000003200000-0x0000000003234000-memory.exe