4d24df74069820c16abba591228a42d81c20d3e56afa306b42d559073494a9ed

Analysis

max time kernel
148s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
10-03-2023 14:35

Target

Redline Stealer 2022 Cracked/Panel/RedLine_20_2/Panel/Panel.exe.config
Size

26KB
MD5

494890d393a5a8c54771186a87b0265e
SHA1

162fa5909c1c3f84d34bda5d3370a957fe58c9c8
SHA256

f2a5a06359713226aeacfe239eeb8ae8606f4588d8e58a19947c3a190efbdfc7
SHA512

40fbd033f288fee074fc36e899796efb30d3c582784b834fc583706f19a0b8d5a134c6d1405afe563d2676072e4eefc4e169b2087867cab77a3fa1aa1a7c9395
SSDEEP

384:TXe7J7+7m7B7x7e7VCKrfqvUWCBrfqvfVCBrfqvfY:b+U+4+Y

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4024 OpenWith.exe

pid	process
4024	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Redline Stealer 2022 Cracked\Panel\RedLine_20_2\Panel\Panel.exe.config"
1⤵
- Modifies registry class
PID:3232

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact