Managed XDR

home-cjq-hybrid_featur...30a6f2ad86e76870dc.exe (RedLine Stealer) — malware analysis report

File info

Filename
home-cjq-hybrid_feature_gan-patched-classic_cnn_svm_mse_0.1_28_-ed699fa052ccc691ef9bd36b034dbb76a83a0f3d6aa1a4a1456e781b46292015_d748a831009e2e383c103ea440ed7b7e31514fcc628ecf30a6f2ad86e76870dc.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
435.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f05bb51710943c0610ff97c1d7a5ceee8720650d
SHA256
d748a831009e2e383c103ea440ed7b7e31514fcc628ecf30a6f2ad86e76870dc
MD5
eab1bf39c220360f781077606b7a1126

Malwares

  • RedLine Stealer

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
pe_overlay: PE file contains overlay

Related reports