Analysis
max time kernel: 131s
max time network: 140s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 08/11/2024, 22:26
Behavioral task: behavioral1
Sample: 13b7b9739a75e88d5658621abe1cb40fb4704231.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 13b7b9739a75e88d5658621abe1cb40fb4704231.exe
Resource: win10v2004-20241007-en
General
Target: 13b7b9739a75e88d5658621abe1cb40fb4704231.exe
Size: 364KB
MD5: 75a7a5f69841af724dc0788b0d4dbe65
SHA1: 13b7b9739a75e88d5658621abe1cb40fb4704231
SHA256: 6efe7405fbe3b46df3b35ba15f7d15fc3012577d1072337a41d6403db2d68acd
SHA512: cdd753c96d7460fdce35e3b3acd9a5fd190c95220df26a8255b3d40cfe32a8c7abfebc7cff93416ee3158921ae03378e08b69d6230871b33486d40d7d6e9e7cc
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoCs)
resource | yara_rule
behavioral1/memory/2856-1-0x00000000013A0000-0x0000000001400000-memory.dmp | family_redline

Redline family

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 13b7b9739a75e88d5658621abe1cb40fb4704231.exe