Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
07-07-2024 03:48
Behavioral task
behavioral1
Sample
AppLaunch.exe
Resource
win7-20240705-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
AppLaunch.exe
Resource
win10v2004-20240704-en
2 signatures
150 seconds
General
-
Target
AppLaunch.exe
-
Size
104KB
-
MD5
006e7666628653086226ca1203d4db8f
-
SHA1
ab37c0fb698f4d316260910f21f5a498bd359db1
-
SHA256
b1b0137a9e18491dfae75e3921a47945a323486a6c9785ea050abcb2dc33e604
-
SHA512
52afaa8181c53a2bd6db78bd97c38dea027c05214c1d841aab2ba274995c346bebf4f198c401af973b648ea8e856aba87ad1ad805fbdf91a79fb83fddbdfc072
-
SSDEEP
1536:mh+zCvsP0XDcbYInTDEVgrj0y8WcWZWpVrR7lQSCbR2zbuMZEYCm+0wuei6ZLoD:rCvsP0XgUInt+SqVrR7l+eSrm+h/xP
Score
10/10
Malware Config
Extracted
Family
redline
C2
1.2.3.4:5678
Attributes
-
auth_value
8b8bd0cb6300e0dea786123a0853916a
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral2/memory/2996-1-0x0000000000BB0000-0x0000000000BD0000-memory.dmp family_redline
Processes
-
C:\Users\Admin\AppData\Local\Temp\AppLaunch.exe"C:\Users\Admin\AppData\Local\Temp\AppLaunch.exe"1⤵PID:2996
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1768