Analysis
-
max time kernel
131s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10-11-2024 08:14
General
-
Target
39a520eb98d157b5172a33412359a3a7b0c7947172ca944e33266f7193a85c7b.exe
-
Size
468KB
-
MD5
3c57c801172b7ac3e3ed6c63eb3fc0ae
-
SHA1
66563ec800fe815e9188bd3dc80ad02fdbab9670
-
SHA256
39a520eb98d157b5172a33412359a3a7b0c7947172ca944e33266f7193a85c7b
-
SHA512
583779d8d96bbedef75ad266a87f926e646a5249bc855041c7942b61287a9d0e39bee42d04df7c256ce63d01e5d8e405e1bb83b2ef0f90ae75e96862cf4e20a7
-
SSDEEP
12288:5Mrfy90fLXTjHoz/19RMWEZb0P855H9us:GykTg93I0P8DHF
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Redline family
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39a520eb98d157b5172a33412359a3a7b0c7947172ca944e33266f7193a85c7b.exe"C:\Users\Admin\AppData\Local\Temp\39a520eb98d157b5172a33412359a3a7b0c7947172ca944e33266f7193a85c7b.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nxx44.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nxx44.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bPg89.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bPg89.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
202KB
MD571d526989f52c00c1ccf696885c97931
SHA1bbdf970f7f2300a3cf2241cb4afbd0f88585a0ce
SHA2567493b44e56bada8818380521e66f7a0252393506faee7daa97ca25236d09e383
SHA512da8ff57f60f4c586dff8fcff1fa7ad07fcc4414512c0110515230586544ac339a1bad7821f7aed6b39e32253c10567679db19b2dfbe04a7090bd1ba06d9072c4
-
Filesize
175KB
MD5a5f5c5d6291c7ae9e1d1b7ed1e551490
SHA13d06413341893b838549939e15f8f1eec423d71a
SHA2561a09ce1cb64219a5d88e57845dc9ba6631efa06fccc8867ccf94eb132947563e
SHA512d9b3ba67bdd615ee2ce91a29cd9cf6723464be27bf45186fd0e9559ff2b0e7c51b423cfc3e32b5e90955046fb75a34c4a8528df7294b6c831ca254a65d2b8ba2
-
Filesize
4KB
-
Filesize
200KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
304KB
-
Filesize
4KB