Analysis
Max time kernel: 132s
Max time network: 148s
Platform: windows10-2004_x64
Resource: win10v2004-20241007-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 09/11/2024, 20:32
Behavioral task: behavioral1
Sample: 18c06474c122b352519455f9885987781b5c01330ebff1f0814c50f00b83cdd8.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 18c06474c122b352519455f9885987781b5c01330ebff1f0814c50f00b83cdd8.exe
Resource: win10v2004-20241007-en
General
Target: 18c06474c122b352519455f9885987781b5c01330ebff1f0814c50f00b83cdd8.exe
Size: 175KB
MD5: 12fa54ca6eb83eb3f7cc21544a2b3e72
SHA1: 9f0b140a157a517198b849f1390ccdc51befab35
SHA256: 18c06474c122b352519455f9885987781b5c01330ebff1f0814c50f00b83cdd8
SHA512: 7436e60c96c755136753ae0fbd8d971bcc9eae0f15752f51a65639bb31183ae7944c816ad56b7e6331aab6b532c6c6d09cb9e44a9adcc8a8aa5bfae6ddb9e712
SSDEEP: 3072:yxqZWFFa7E6T825De559yhGfxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+cO:gqZcMUyh
Malware Config
Extracted family: redline
Botnet: nado
C2: 176.113.115.145:4125
auth_value: a648e365d8e0df895a84152ad68ffc56
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoC)
Resource: behavioral2/memory/4868-1-0x0000000000510000-0x0000000000542000-memory.dmp
YARA rule: family_redline

Redline family

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened
IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 18c06474c122b352519455f9885987781b5c01330ebff1f0814c50f00b83cdd8.exe