Analysis
-
max time kernel
105s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
11/11/2024, 06:47
Behavioral task
behavioral1
Sample
22dccf74a744699a16c6b5160b4a8f713995e641278b484ca835236ab293bd6e.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
22dccf74a744699a16c6b5160b4a8f713995e641278b484ca835236ab293bd6e.exe
Resource
win10v2004-20241007-en
General
-
Target
22dccf74a744699a16c6b5160b4a8f713995e641278b484ca835236ab293bd6e.exe
-
Size
175KB
-
MD5
bbbc18d0ab03985248e620d1c0e7cfb5
-
SHA1
7c2be3664736417b70829ecc14d8806475ac4384
-
SHA256
22dccf74a744699a16c6b5160b4a8f713995e641278b484ca835236ab293bd6e
-
SHA512
fec3c148ad0dd930ee3ce987bbab0ab1333b85c9c17e092a68e7f9c5eff6a900debe22a49f414bcc211b61af7f56fda08e7299a15a184237e6b3773fb743957f
-
SSDEEP
3072:UxqZWJBaKULo3P/UxljLezBFAhovTxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jV:qqZIP/UnKAhia
Malware Config
Extracted
redline
frukt
193.233.20.23:4124
-
auth_value
06c91230f673ef9b659f23ab41313be0
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral2/memory/3640-1-0x0000000000230000-0x0000000000262000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 22dccf74a744699a16c6b5160b4a8f713995e641278b484ca835236ab293bd6e.exe