Analysis

max time kernel: 131s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/11/2024, 12:51
Behavioral task: behavioral1
Sample: 3a1fbe8a7c495c98010716f60ab97b210d220f40.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 3a1fbe8a7c495c98010716f60ab97b210d220f40.exe
Resource: win10v2004-20241007-en
General

Target: 3a1fbe8a7c495c98010716f60ab97b210d220f40.exe
Size: 364KB
MD5: 49da1ddd9ebc86b798885d11ee6ba3ed
SHA1: 3a1fbe8a7c495c98010716f60ab97b210d220f40
SHA256: e21fc33f1bc77432f417c0ab49c7c80897760f1bdc469438c030970dbd0a91dd
SHA512: af23d46e5a51bedf75d0ec8e56bf8bccf17093bba0479c1b8fa037ec52c6a78757dc704d6175618937687d6108dd2b73f68c2cc61dcae50281c34d61bb9c969a
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config

Extracted

Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoC)
resource                                                                      yara_rule
behavioral2/memory/1244-1-0x0000000000310000-0x0000000000370000-memory.dmp    family_redline

Redline family

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc                                                            Process
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    3a1fbe8a7c495c98010716f60ab97b210d220f40.exe