Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/11/2024, 06:02

General

  • Target
    2318e8dbc85950fbb36c05dde64f9858d6781efff69d133c7380d78603429ecf.exe
  • Size
    361KB
  • MD5
    b53ac40a9909859397486caf77e7f404
  • SHA1
    b64536cb8b3bfd0b626d517ef77a969fd00adbac
  • SHA256
    2318e8dbc85950fbb36c05dde64f9858d6781efff69d133c7380d78603429ecf
  • SHA512
    71e6aee03f67a6514585fd126b21e7f990fae01518e2e7129314b603081fe1e2209eea8a6cca7ddaaf617b8f58cf8507bc3232a61c810c18329e1684a7927122
  • SSDEEP
    6144:nP5lRPv2iqc3WM2xBUOzDuFl1m0J0fu9XR+Y4BO2JHUg7b/EDN/:P5/eiqc3WMrMDqqfS1eJJpkDh

Malware Config

Extracted

  • Family
    redline
  • Botnet
    ww
  • C2
    193.106.191.67:44400
  • Attributes
    auth_value: 5a1b28ccd05953f5c3f99729c12427cc

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload (35 IoCs)
  • Redline family
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2318e8dbc85950fbb36c05dde64f9858d6781efff69d133c7380d78603429ecf.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2318e8dbc85950fbb36c05dde64f9858d6781efff69d133c7380d78603429ecf.exe"
    PID: 572
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • memory/572-2-0x0000000000400000-0x000000000043C000-memory.dmp (Filesize: 240KB)
        • memory/572-3-0x0000000000400000-0x0000000000485000-memory.dmp (Filesize: 532KB)
        • memory/572-1-0x0000000000550000-0x0000000000650000-memory.dmp (Filesize: 1024KB)
        • memory/572-4-0x0000000000400000-0x0000000000485000-memory.dmp (Filesize: 532KB)
        • memory/572-5-0x0000000002080000-0x00000000020B4000-memory.dmp (Filesize: 208KB)
        • memory/572-6-0x0000000004710000-0x0000000004742000-memory.dmp (Filesize: 200KB)
        • memory/572-7-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-26-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-8-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-52-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-10-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-48-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-42-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-38-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-70-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-12-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-14-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-16-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-18-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-20-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-24-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-22-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-36-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-68-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-66-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-65-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-62-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-60-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-58-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-56-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-54-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-50-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-46-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-44-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-40-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-34-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-32-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-30-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-28-0x0000000004710000-0x000000000473D000-memory.dmp (Filesize: 180KB)
        • memory/572-961-0x0000000000550000-0x0000000000650000-memory.dmp (Filesize: 1024KB)
        • memory/572-962-0x0000000000400000-0x000000000043C000-memory.dmp (Filesize: 240KB)