Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    09/11/2024, 20:29

General

  • Target

    8bfe17eaf77eff1e1222657213dbd4a13a3b72fa50b4e6ba4e3309b45acab445.exe

  • Size

    272KB

  • MD5

    8b8f8f61245e6464115c162aac8a231c

  • SHA1

    01ae127f0a32449688d1a5ab064962f0f3905090

  • SHA256

    8bfe17eaf77eff1e1222657213dbd4a13a3b72fa50b4e6ba4e3309b45acab445

  • SHA512

    71dbd0be6f3e80560604b1d9ff0a57810b37b3ed97b935609ee2fbd6ec56f4133eeb7f1d0d56f2bcf989ae3619d261728ad60e0cdba75646f7aa3de74a712b70

  • SSDEEP

    3072:N6j4ELN6FY9C7zhf5hwVsmLoQYXJvLc99no40SEBShApnIlJJg6xNn2pU9f2MKTL:N6jidf5hwlLoJvLcPyShSnIdA

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Redline family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bfe17eaf77eff1e1222657213dbd4a13a3b72fa50b4e6ba4e3309b45acab445.exe
    "C:\Users\Admin\AppData\Local\Temp\8bfe17eaf77eff1e1222657213dbd4a13a3b72fa50b4e6ba4e3309b45acab445.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1728-0-0x0000000074C5E000-0x0000000074C5F000-memory.dmp

    Filesize

    4KB

  • memory/1728-1-0x00000000003F0000-0x0000000000434000-memory.dmp

    Filesize

    272KB