Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2024, 04:46

General

  • Target

    2a711f77decca10bdb3bfc5df22c43ad001f7b1ce570a29181c7b173cc6cf889.exe

  • Size

    272KB

  • MD5

    d948ffece953d554f11e97167af9e9bc

  • SHA1

    467cab90312a678038fc6d78811edfe77fdbff41

  • SHA256

    2a711f77decca10bdb3bfc5df22c43ad001f7b1ce570a29181c7b173cc6cf889

  • SHA512

    060bd43d60a225b49d71acc1ac4c7955d283799064ad4ba9843c6b4fa62f7242fadcf9e31085e8ec3ab3317fb0c020185de0c98d7c4d2a6ba17f3b1c920ce962

  • SSDEEP

    3072:A6joELz6lmfCJRNa0UcAO0kk+aVpvLV9Kno40NQnLhFNnTrOafMfxNn2pU9f2MKV:A6jsJaDcATkk+anvLVozLhHnR

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Redline family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a711f77decca10bdb3bfc5df22c43ad001f7b1ce570a29181c7b173cc6cf889.exe
    "C:\Users\Admin\AppData\Local\Temp\2a711f77decca10bdb3bfc5df22c43ad001f7b1ce570a29181c7b173cc6cf889.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2712-0-0x00000000745CE000-0x00000000745CF000-memory.dmp

    Filesize

    4KB

  • memory/2712-1-0x0000000000C90000-0x0000000000CD4000-memory.dmp

    Filesize

    272KB