Analysis
-
max time kernel
131s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09-11-2024 19:15
General
-
Target
05a2d3d40d6f143e3f990a5fe4b064a6c615c530b5f2946cf2a730c5df5856e4.exe
-
Size
469KB
-
MD5
b009a6f63bea7ca310275170f7652bed
-
SHA1
e8fe4b78bf0f2d28aad55c7341b9f9870aa83e5c
-
SHA256
05a2d3d40d6f143e3f990a5fe4b064a6c615c530b5f2946cf2a730c5df5856e4
-
SHA512
c964896c2bb2611f33ffaa44dedcb351504b528a406a646057f6fee4beb8df54628430ef1323a1127a5cb9e43ce61e08d0cdcbe0cfb13b6cb563a6e63d760c10
-
SSDEEP
12288:2Mr6y90Fdjy0V6lrl1LVzql3oWK9f2w2acGh:wyQVV6VL8BoVewB
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Redline family
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05a2d3d40d6f143e3f990a5fe4b064a6c615c530b5f2946cf2a730c5df5856e4.exe"C:\Users\Admin\AppData\Local\Temp\05a2d3d40d6f143e3f990a5fe4b064a6c615c530b5f2946cf2a730c5df5856e4.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nIG36.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nIG36.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bdO69.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bdO69.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
202KB
MD5701aca7db94e1eb1aaf7ca4629c50639
SHA129526b0d8cbbed5b0868ca79db6048fa81c87534
SHA256c970f3653803dc846d4dd654c3493a17ccc9ab2fafe48d530b164cb154d5699b
SHA512806d1dfe71270e0289eccdf8e7e76f0d3b279e3457cde92a5547a4a205b209f8aabd910c89d3fee0480df51af1764a72430532cebeff3732313f3c2ea464a085
-
Filesize
175KB
MD5a5f5c5d6291c7ae9e1d1b7ed1e551490
SHA13d06413341893b838549939e15f8f1eec423d71a
SHA2561a09ce1cb64219a5d88e57845dc9ba6631efa06fccc8867ccf94eb132947563e
SHA512d9b3ba67bdd615ee2ce91a29cd9cf6723464be27bf45186fd0e9559ff2b0e7c51b423cfc3e32b5e90955046fb75a34c4a8528df7294b6c831ca254a65d2b8ba2
-
Filesize
4KB
-
Filesize
200KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
304KB
-
Filesize
4KB