Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09/11/2024, 22:19
Behavioral task
behavioral1
Sample
d8fc3434a00b7ab79cdccb41a5dcd0dc373353fd0da916f042095017e70b57f3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d8fc3434a00b7ab79cdccb41a5dcd0dc373353fd0da916f042095017e70b57f3.exe
Resource
win10v2004-20241007-en
General
-
Target
d8fc3434a00b7ab79cdccb41a5dcd0dc373353fd0da916f042095017e70b57f3.exe
-
Size
137KB
-
MD5
0eeaf9bbbc588217d2d3d91db2147ab1
-
SHA1
11bed4a9dedd2c38793485cf44ce01f9280cc799
-
SHA256
d8fc3434a00b7ab79cdccb41a5dcd0dc373353fd0da916f042095017e70b57f3
-
SHA512
ccd35b414084f974a5bc55f0276efd2c61e36c71310781c34f821f0787debf2282562ef8d4012a9c9f1606dde8ca071b4a7adb94221380db17d28b105faccaeb
-
SSDEEP
3072:TYO/ZMTFf/4Y7DcN5eNdQO5izV3gDFzSRXlhhSSQP:TYMZMBf/4Yk2dQOk1gUBlh
Malware Config
Extracted
redline
High
80.66.87.20:80
-
auth_value
e5a19803f83e644a0008c2114f6c607e
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral2/memory/4316-1-0x00000000002B0000-0x00000000002D8000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d8fc3434a00b7ab79cdccb41a5dcd0dc373353fd0da916f042095017e70b57f3.exe