Analysis
-
max time kernel
106s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
11-11-2024 02:22
Behavioral task
behavioral1
Sample
85644a9475c7c124a8e4b677432d193ffab0481bb84b83a680d18a4a273c2946N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
85644a9475c7c124a8e4b677432d193ffab0481bb84b83a680d18a4a273c2946N.exe
Resource
win10v2004-20241007-en
General
-
Target
85644a9475c7c124a8e4b677432d193ffab0481bb84b83a680d18a4a273c2946N.exe
-
Size
168KB
-
MD5
775563c9eca8c6a1b32eb63fad486b70
-
SHA1
a6ff62e678d34aeaf241acc4403e6fc32f6cd12c
-
SHA256
85644a9475c7c124a8e4b677432d193ffab0481bb84b83a680d18a4a273c2946
-
SHA512
79df64dcf3d6f6d0f5943240629af4e1ffa1368800f7492ed02d5b5b62990cf40db8ad41f1eeb9c6af9760b23fb977a5f7bb8f5c6e8fb27f0d16671c27704c1a
-
SSDEEP
3072:uJaohQaSe5clFcb0iCKbqVsTQZxTcVL8e8h2:uJteaSe5clhiVwxTcVL
Malware Config
Extracted
redline
mazda
217.196.96.56:4138
-
auth_value
3d2870537d84a4c6d7aeecd002871c51
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral2/memory/5072-1-0x00000000004E0000-0x0000000000510000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 85644a9475c7c124a8e4b677432d193ffab0481bb84b83a680d18a4a273c2946N.exe