Overview

overview

10

Static

static

10

REDLINE_ST...1).zip

windows7-x64

1

REDLINE_ST...1).zip

windows10-2004-x64

1

REDLINE ST...er.exe

windows7-x64

3

REDLINE ST...er.exe

windows10-2004-x64

3

REDLINE ST...config

windows7-x64

3

REDLINE ST...config

windows10-2004-x64

3

REDLINE ST...er.pdb

windows7-x64

3

REDLINE ST...er.pdb

windows10-2004-x64

3

REDLINE ST...db.dll

windows7-x64

1

REDLINE ST...db.dll

windows10-2004-x64

1

REDLINE ST...db.pdb

windows7-x64

3

REDLINE ST...db.pdb

windows10-2004-x64

3

REDLINE ST...db.dll

windows7-x64

1

REDLINE ST...db.dll

windows10-2004-x64

1

REDLINE ST...db.pdb

windows7-x64

3

REDLINE ST...db.pdb

windows10-2004-x64

3

REDLINE ST...ks.dll

windows7-x64

1

REDLINE ST...ks.dll

windows10-2004-x64

1

REDLINE ST...ks.pdb

windows7-x64

3

REDLINE ST...ks.pdb

windows10-2004-x64

3

REDLINE ST...il.dll

windows7-x64

1

REDLINE ST...il.dll

windows10-2004-x64

1

REDLINE ST...il.pdb

windows7-x64

3

REDLINE ST...il.pdb

windows10-2004-x64

3

REDLINE ST...ub.exe

windows7-x64

10

REDLINE ST...ub.exe

windows10-2004-x64

10

REDLINE ST...st.exe

windows7-x64

3

REDLINE ST...st.exe

windows10-2004-x64

3

REDLINE ST...config

windows7-x64

3

REDLINE ST...config

windows10-2004-x64

3

REDLINE ST...CF.dll

windows7-x64

1

REDLINE ST...CF.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    103s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    04-08-2024 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    REDLINE STEALER V20.2 - Edition 2022/Kurome.Builder/Mono.Cecil.Pdb.pdb

  • Size

    25KB

  • MD5

    711c5f65bd140e72ee30b33f14fbf100

  • SHA1

    3e090fd877988c75ae1b225941d4cd1810dac62f

  • SHA256

    7c3a6b12ef0676d3dc80a4e2b790f3dec4d7fdaa182b2181c3f6ee283b118a9e

  • SHA512

    fa24633b751a940c2fbf4c5f91cfe4a50cda0554d748cab2d3a06e68677fd579490f6143e34b9ffa442d7e766e435553054d1a58eb15511509bc2ee38b53026b

  • SSDEEP

    384:scLpiGBZv4MIakMhVPaN1NsDIsG0TypbdTWhmtqsqMfK35OWF1nbsALpmQVVj:scLgikcVPaJsssGGAdcm3fKhDsAFJ

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Mono.Cecil.Pdb.pdb"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Mono.Cecil.Pdb.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Mono.Cecil.Pdb.pdb"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2952

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    206c792d0dd496bff4428cb77a088c8c

    SHA1

    7f0f86725db9c77e2a36aae85e5ebf3e7143c90d

    SHA256

    d7284bc662ccd80036a22e3d675406fe2163035f569ecc68d509d0897b5629bb

    SHA512

    a02bfc12fa3bb344503b54d9220b9778e54193ccbe93a02b55cdffcf461404c669bbd8ca593ded0f457ab4d0bbfed9fc25322b94a3fed4d28581abdb45a36ec4

    Download Submit