Analysis
max time kernel: 148s
max time network: 122s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 07-07-2024 01:18
Static task: static1
Behavioral task: behavioral1
  Sample: cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
  Resource: win10v2004-20240704-en
General
Target: cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
Size: 1.1MB
MD5: 4ac5de9d55c788c81412dcf74816b202
SHA1: 16fbfc093f8bc4ba382bcbf52361cc8acfe4c2a4
SHA256: cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf
SHA512: 3aac7dcca7baa365788d4829c9374054bb614da65fe81cf70deb8b22eec91f99b0fae87baabe13b2228ea7c3961200142aad8f875608bd8dcfa534e9fe18efc5
SSDEEP: 24576:CBWD95o5+hFcG4fVdx8Wx9YPt0Sx611O4sAG8y1:CBWgp3p2trxM1v/G51
Malware Config
Extracted
  Family: redline
  Botnet: crackcloud
  C2: 94.156.67.140:31957
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoC)
  Resource: behavioral1/memory/2308-3-0x00000000003B0000-0x0000000000400000-memory.dmp
  YARA rule: family_redline
Suspicious use of WriteProcessMemory (3 IoCs)
  Description | PID | Process | Target PID
  PID 2308 wrote to memory of 2284 | 2308 | cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe | 32
  PID 2308 wrote to memory of 2284 | 2308 | cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe | 32
  PID 2308 wrote to memory of 2284 | 2308 | cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe | 32
Processes
1. C:\Users\Admin\AppData\Local\Temp\cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe"
   PID: 2308
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe
      Command line: C:\Windows\system32\WerFault.exe -u -p 2308 -s 724
      PID: 2284