Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
08/11/2024, 05:04
Behavioral task
behavioral1
Sample
60337745f3403692aba9302021f522ef.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
60337745f3403692aba9302021f522ef.exe
Resource
win10v2004-20241007-en
General
-
Target
60337745f3403692aba9302021f522ef.exe
-
Size
208KB
-
MD5
60337745f3403692aba9302021f522ef
-
SHA1
aa77519739fd5ba152ff9bb1dc90a538f8e4276f
-
SHA256
d07309044a6db62a4a0d34bdd86d610a12d583100b8bab6a200987be22fd6ef1
-
SHA512
89e98f469f9f1dfbf305c6a1f5cbd823adf2ac7b87920a5f8ed1c7ed1bccf767b5c733c3287cf1f456adabac31bccef8ffb2723ba20ba8041ad5195b966159b8
-
SSDEEP
3072:Fe5Vw/at51IPe4wqbapusLbCR2U6fNUtvhmbjewX:FeA/Zm4Hb5ujNevhg6
Malware Config
Extracted
redline
SewPalpadin
193.233.48.58:38989
-
auth_value
7a741aa449c2131b60755b6dc189af74
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral2/memory/4064-1-0x0000000000530000-0x0000000000564000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 60337745f3403692aba9302021f522ef.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4064 60337745f3403692aba9302021f522ef.exe