Analysis
- max time kernel: 139s
- max time network: 147s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 08/04/2024, 20:38
Behavioral tasks
- behavioral1: Sample Radiogram.exe, Resource win7-20240221-en
- behavioral2: Sample Radiogram.exe, Resource win10-20240404-en
General
- Target: Radiogram.exe
- Size: 109KB
- MD5: 5d320d4f2e1bb3153392a5b2c78f0b67
- SHA1: 9df777a1ba6eec52666389f874db9d2bb0c65d18
- SHA256: 617ae2cedb4ba05377589c60efcd1ab10df42f8327229935e6ff6a8d7887ac27
- SHA512: b32698ad92844d25130f16f6fa0095a50a02017013e1a0f185ed1f1a2e9eaf8cbe7d1f3f226f59ca02bd44e219611a4e647b9da2893a7f81b382533a74b5c820
- SSDEEP: 1536:LAbbDr5JdAmS4lZyNVxCuCk+q6wN4c3oJQpZ6FSnH8Nby+xXm8lMg8HI6T:L87k+q6wN8oaYmyoWv7o6T
Malware Config
Extracted
- Family: redline
- ID: 6077866846
- URL: https://pastebin.com/raw/KE5Mft0T (a pastebin raw paste; pastebin.com is also the host behind every flow listed under Signatures)
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload (1 IoC)
  resource: behavioral2/memory/1056-0-0x00000206CB810000-0x00000206CB832000-memory.dmp
  yara_rule: family_redline
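The memory-dump resource name carries the process and address range where the YARA rule fired. The Python below is an added example (not part of the report or of the sandbox's tooling) that parses that name and turns it into a triage note. The pid-index-start-end field layout is an assumption made for this example; the pid it yields matches the pid 1056 shown for Radiogram.exe elsewhere in the report, and the on-disk size used for comparison is the 109KB from the General section.

```python
import re
from dataclasses import dataclass

# Resource name and rule copied from the report's "RedLine payload" IoC.
DUMP_RESOURCE = "behavioral2/memory/1056-0-0x00000206CB810000-0x00000206CB832000-memory.dmp"
YARA_RULE = "family_redline"

# Field layout assumed for this example: <task>/memory/<pid>-<index>-<start>-<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryDumpIoc:
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def is_64bit_address(self) -> bool:
        # No 32-bit process on Windows can own an address at or above the 4 GiB line.
        return self.start >= 1 << 32

    @property
    def allocation_aligned(self) -> bool:
        # Private allocations start on the 64 KiB allocation-granularity boundary.
        return self.start % 0x10000 == 0


def parse_dump_ioc(resource: str, rule: str) -> MemoryDumpIoc:
    """Parse a sandbox memory-dump resource name into its components."""
    m = DUMP_NAME_RE.match(resource)
    if m is None:
        raise ValueError(f"unrecognised dump resource name: {resource!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"dump end {end:#x} is not above start {start:#x}")
    return MemoryDumpIoc(m["task"], int(m["pid"]), int(m["index"]), start, end, rule)


def triage_note(ioc: MemoryDumpIoc, on_disk_size: int) -> str:
    """One-line analyst summary comparing the dumped region with the file on disk."""
    grew = ioc.size > on_disk_size
    return (
        f"{ioc.rule} hit in pid {ioc.pid} ({ioc.task}): {ioc.size // 1024} KiB region at "
        f"{ioc.start:#x}, {'64-bit' if ioc.is_64bit_address else '32-bit'} address space, "
        f"{'larger' if grew else 'not larger'} than the {on_disk_size // 1024} KB file on disk"
        f"{' (consistent with a section-aligned image mapped in memory)' if grew else ''}"
    )


if __name__ == "__main__":
    ioc = parse_dump_ioc(DUMP_RESOURCE, YARA_RULE)
    print(triage_note(ioc, on_disk_size=109 * 1024))
```

The region is 0x22000 bytes (136 KiB), larger than the 109KB file, and sits far above 4 GiB, so the hit came from a 64-bit process image rather than from a byte-for-byte copy of the dropped file.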
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
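Detection logic for this TTP, as an added Python example (not from the report): a process that reads many distinct product subkeys under the Uninstall key within a short window is enumerating installed software, whereas an installer or indexer touches one or two entries spread over time. The registry-read events below are constructed for the example; the subkey names and the second process are not from the report, and only the pid and image name of Radiogram.exe are taken from it.

```python
import re
from collections import defaultdict

# Both the native and the WOW6432Node view of the Uninstall key; the sample is tagged
# arch:x86 and arch:x64 in the report, so an enumerator may touch either view.
UNINSTALL_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\(?P<subkey>[^\\]+)",
    re.IGNORECASE,
)

# Constructed registry-read events for this example (not taken from the report).
# Fields: seconds since task start, pid, image name, key path that was opened or queried.
EVENTS = [
    (4.10, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4.11, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4.11, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0 (x64 en-US)"),
    (4.12, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4.12, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"),
    (4.13, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (4.13, 1056, "Radiogram.exe", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"),
    # Benign noise: an installer touching its own entry, and a slow, sparse reader.
    (9.00, 4120, "msiexec.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"),
    (9.50, 4120, "msiexec.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    (20.0, 2288, "SearchIndexer.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (95.0, 2288, "SearchIndexer.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
]


def uninstall_subkey(key):
    """Return the per-product subkey name if `key` lies under an Uninstall hive, else None."""
    m = UNINSTALL_RE.match(key)
    return m["subkey"].lower() if m else None


def detect_software_enumeration(events, min_subkeys=5, window=30.0):
    """Flag processes that read >= min_subkeys distinct Uninstall subkeys within `window`
    seconds. Returns {(pid, image): sorted subkeys} for each hit."""
    reads = defaultdict(list)
    for ts, pid, image, key in sorted(events):
        sub = uninstall_subkey(key)
        if sub is not None:
            reads[(pid, image)].append((ts, sub))
    hits = {}
    for proc, items in reads.items():
        # Slide a window over the process's reads; the first window that qualifies is enough.
        for i, (t0, _) in enumerate(items):
            seen = {sub for ts, sub in items[i:] if ts - t0 <= window}
            if len(seen) >= min_subkeys:
                hits[proc] = sorted(seen)
                break
    return hits


if __name__ == "__main__":
    for (pid, image), subkeys in detect_software_enumeration(EVENTS).items():
        print(f"{image} (pid {pid}) enumerated {len(subkeys)} installed products: {subkeys}")
```

The threshold and window are tuning knobs; the structural choice is to count distinct product subkeys per process rather than raw key reads, so a single product being queried repeatedly never trips the rule.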
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 64 IoCs)
  ioc: pastebin.com for every one of the 64 flows
  flow IDs (sorted): 1, 6, 7, 9, 11, 15, 16, 20, 21, 22, 23, 24, 25, 26, 27, 31, 32, 38, 39, 40, 42, 44, 47, 50, 51, 52, 53, 55, 63, 67, 68, 70, 74, 76, 80, 81, 82, 83, 84, 87, 88, 89, 90, 93, 94, 97, 98, 101, 105, 109, 112, 115, 118, 120, 122, 123, 125, 126, 127, 128, 135, 137, 141, 142
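The flow table above is the raw evidence behind this signature, and the URL in the extracted config points at the same host. The following Python is an added example (not from the report or the sandbox) that parses the flattened "flow ioc" text exactly as the report prints it, aggregates flows per domain, and ties the result to the config URL. The set of hosting services treated as "legitimate hosting" is an assumption for the example; the flow table and the config URL are copied from the report.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Flattened "flow ioc" table copied verbatim from the report: alternating flow id and indicator.
RAW_FLOW_IOCS = (
    "52 pastebin.com 98 pastebin.com 112 pastebin.com 135 pastebin.com 7 pastebin.com "
    "24 pastebin.com 76 pastebin.com 82 pastebin.com 123 pastebin.com 137 pastebin.com "
    "1 pastebin.com 21 pastebin.com 27 pastebin.com 63 pastebin.com 67 pastebin.com "
    "88 pastebin.com 97 pastebin.com 141 pastebin.com 89 pastebin.com 142 pastebin.com "
    "6 pastebin.com 22 pastebin.com 70 pastebin.com 74 pastebin.com 15 pastebin.com "
    "25 pastebin.com 31 pastebin.com 32 pastebin.com 81 pastebin.com 83 pastebin.com "
    "118 pastebin.com 23 pastebin.com 38 pastebin.com 42 pastebin.com 55 pastebin.com "
    "26 pastebin.com 90 pastebin.com 122 pastebin.com 127 pastebin.com 47 pastebin.com "
    "51 pastebin.com 68 pastebin.com 101 pastebin.com 126 pastebin.com 16 pastebin.com "
    "44 pastebin.com 80 pastebin.com 105 pastebin.com 87 pastebin.com 115 pastebin.com "
    "125 pastebin.com 93 pastebin.com 50 pastebin.com 94 pastebin.com 128 pastebin.com "
    "53 pastebin.com 84 pastebin.com 109 pastebin.com 120 pastebin.com 9 pastebin.com "
    "11 pastebin.com 39 pastebin.com 40 pastebin.com 20 pastebin.com"
)

# URL from the report's extracted RedLine config.
CONFIG_URL = "https://pastebin.com/raw/KE5Mft0T"

# Paste and file-hosting services that malware commonly uses as dead drops. This list is
# an assumption for the example, not something the report provides.
LEGIT_HOSTING = {
    "pastebin.com", "raw.githubusercontent.com", "github.com", "gist.github.com",
    "cdn.discordapp.com", "t.me", "telegra.ph", "transfer.sh",
}


def parse_flow_iocs(text):
    """Turn the flattened 'id domain id domain ...' text into (flow_id, domain) pairs."""
    tokens = text.split()
    if len(tokens) % 2:
        raise ValueError("flow/ioc table has an unpaired token")
    pairs = []
    for flow, ioc in zip(tokens[0::2], tokens[1::2]):
        if not flow.isdigit():
            raise ValueError(f"expected a flow id, got {flow!r}")
        pairs.append((int(flow), ioc.lower()))
    return pairs


def summarize_by_domain(pairs):
    """{domain: {count, first, last, flows}} with flows sorted so gaps are visible."""
    flows = defaultdict(list)
    for flow, domain in pairs:
        flows[domain].append(flow)
    return {
        d: {"count": len(f), "first": min(f), "last": max(f), "flows": sorted(f)}
        for d, f in flows.items()
    }


def assess_dead_drop(summary, config_url, min_flows=10):
    """Flag hosting services contacted repeatedly and tie them to the config URL.

    Reputation alone will not flag pastebin.com. The signal is many flows from one
    sample to a legitimate paste service together with an extracted config URL on
    the same host: a paste that is fetched to resolve the real C2 (dead-drop resolver).
    """
    parsed = urlparse(config_url)
    host = (parsed.hostname or "").lower()
    findings = []
    for domain, s in summary.items():
        if domain in LEGIT_HOSTING and s["count"] >= min_flows:
            findings.append({
                "domain": domain,
                "flows": s["count"],
                "config_url_on_same_host": host == domain,
                "raw_paste_path": host == domain and parsed.path.startswith("/raw/"),
            })
    return findings


if __name__ == "__main__":
    summary = summarize_by_domain(parse_flow_iocs(RAW_FLOW_IOCS))
    for finding in assess_dead_drop(summary, CONFIG_URL):
        print(finding)
```

Blocking pastebin.com outright carries collateral damage; the actionable control is the pattern itself, a single process fetching a raw paste dozens of times, which is what the per-domain flow count and the config-host match capture.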
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid: 1056, Process: Radiogram.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid: 1056, Process: Radiogram.exe
  (SeDebugPrivilege lets its holder open handles to processes it does not own regardless of their DACLs; the same process enabling it and enumerating processes is the pairing worth correlating in host telemetry.)