Analysis
-
max time kernel
22s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system -
submitted
07-07-2024 01:18
Static task
static1
Behavioral task
behavioral1
Sample
cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
Resource
win10v2004-20240704-en
General
-
Target
cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
-
Size
1.1MB
-
MD5
4ac5de9d55c788c81412dcf74816b202
-
SHA1
16fbfc093f8bc4ba382bcbf52361cc8acfe4c2a4
-
SHA256
cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf
-
SHA512
3aac7dcca7baa365788d4829c9374054bb614da65fe81cf70deb8b22eec91f99b0fae87baabe13b2228ea7c3961200142aad8f875608bd8dcfa534e9fe18efc5
-
SSDEEP
24576:CBWD95o5+hFcG4fVdx8Wx9YPt0Sx611O4sAG8y1:CBWgp3p2trxM1v/G51
Malware Config
Extracted
Family: redline
Botnet: crackcloud
C2: 94.156.67.140:31957
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource: behavioral2/memory/3128-3-0x00000290B8AE0000-0x00000290B8B30000-memory.dmp
yara_rule: family_redline
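The config above was recovered from the in-memory region named in the IoC line, and the family rule fired on that same dump. The following is an added example (not code from the sandbox, its YARA rule, or the RedLine authors) showing how a triage script can parse the report's dump naming and check a dumped region for the reported C2 and botnet values. RedLine is a .NET binary, so string literals sit in memory as UTF-16LE; the scanner searches both ASCII and UTF-16LE and also carves any IPv4:port string so an endpoint the report did not list still surfaces. The byte blob `SAMPLE_DUMP` is constructed for the example and is not real sample memory; the `10.0.0.5:8080` URL in it is an assumed, unrelated string used to show the carver picking up an extra endpoint.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators as listed in the report's "Malware Config" section.
REDLINE_C2 = "94.156.67.140:31957"
REDLINE_BOTNET = "crackcloud"

# Dump naming used in the report: <pid>-<region index>-0x<base>-0x<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<base>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# IPv4:port carving; .NET keeps string literals as UTF-16LE, so scan both encodings.
IP_PORT_ASCII = re.compile(rb"(?:\d{1,3}\.){3}\d{1,3}:\d{2,5}")
IP_PORT_UTF16 = re.compile(rb"(?:(?:\d\x00){1,3}\.\x00){3}(?:\d\x00){1,3}:\x00(?:\d\x00){2,5}")


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    base: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.base


def parse_dump_name(path: str) -> DumpRegion:
    """Recover PID and region bounds from a dump file name (directory part is ignored)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory-dump name: {path}")
    return DumpRegion(int(m["pid"]), int(m["idx"]), int(m["base"], 16), int(m["end"], 16))


def find_indicator(blob: bytes, indicator: str) -> list[tuple[int, str]]:
    """Return (offset, encoding) for every ASCII or UTF-16LE occurrence of an indicator."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        needle = indicator.encode(enc)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = blob.find(needle, pos + 1)
    return hits


def carve_endpoints(blob: bytes) -> set[str]:
    """Carve every IPv4:port string in either encoding, so an unlisted C2 is still surfaced."""
    found = {m.group().decode("ascii") for m in IP_PORT_ASCII.finditer(blob)}
    found |= {m.group().decode("utf-16-le") for m in IP_PORT_UTF16.finditer(blob)}
    return found


def scan_region(dump_name: str, blob: bytes) -> dict:
    """Summarise one dumped region against the config reported for this sample."""
    region = parse_dump_name(dump_name)
    c2_hits = find_indicator(blob, REDLINE_C2)
    botnet_hits = find_indicator(blob, REDLINE_BOTNET)
    return {
        "pid": region.pid,
        "region_size": region.size,
        "c2_hits": c2_hits,
        "botnet_hits": botnet_hits,
        "endpoints": sorted(carve_endpoints(blob)),
        # Both reported config values present in the same region: treat as a config match.
        # This is a simple indicator check, not the sandbox's family_redline YARA rule.
        "config_match": bool(c2_hits and botnet_hits),
    }


# Constructed stand-in for the dumped region (not real sample memory): zero filler,
# the two config strings as .NET UTF-16LE literals, and one assumed, unrelated ASCII URL.
SAMPLE_DUMP = (
    b"\x00" * 64
    + REDLINE_BOTNET.encode("utf-16-le") + b"\x00\x00"
    + b"A" * 32
    + REDLINE_C2.encode("utf-16-le") + b"\x00\x00"
    + b"\x00" * 64
    + b"http://10.0.0.5:8080/gate.php"
    + b"\x00" * 64
)

# The dump named in the report's IoC line (PID 3128, region 3, 0x50000 bytes).
REPORTED_DUMP = "behavioral2/memory/3128-3-0x00000290B8AE0000-0x00000290B8B30000-memory.dmp"

if __name__ == "__main__":
    for key, value in scan_region(REPORTED_DUMP, SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

On a real dump, replace `SAMPLE_DUMP` with the bytes read from the `.dmp` file; the UTF-16LE patterns are what make the difference for a C# stealer, since a plain ASCII `strings` pass misses the config entirely.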
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe
command line: "C:\Users\Admin\AppData\Local\Temp\cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf.exe"
tree level: 1
PID: 3128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,7545522914305657361,9950105517201397946,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:8
tree level: 1
PID: 4124
Note: this Edge utility process sits at the same tree level as the sample rather than beneath it, so the report does not attribute it to the sample; the sample itself is shown spawning no child processes, and the only RedLine IoC is the in-memory match on PID 3128 listed above.