Analysis
-
max time kernel
132s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11/11/2024, 08:44
General
-
Target
d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353.exe
-
Size
554KB
-
MD5
87ab9e5e4854f4a879937e5745eebf8c
-
SHA1
eb2966f5e143a8dbf80d0ffccdfd62f6cb67ca4b
-
SHA256
d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353
-
SHA512
16d91e3b18d204c692b47c4e0a251a0772f2debb325ec13ec2a584ca8bc7bfeaa89f1195e796e5acd123742d52bdc99a9ea101efae4ab05116a46d9b17b0ee76
-
SSDEEP
12288:ZMrzy90RQKInhnMotU40NxdJkGoZnwUa8uYORlWbTrGU:+y0QKyhM410Nxd7oZwUa0OfWb/GU
Malware Config
Extracted
redline
darm
217.196.96.56:4138
-
auth_value
d88ac8ccc04ab9979b04b46313db1648
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Redline family
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353.exe"C:\Users\Admin\AppData\Local\Temp\d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x0887541.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x0887541.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\g7719981.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\g7719981.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
382KB
MD53a99516df2e1b0c62b678e7463be8d8f
SHA153f01b664e0853ec06b668520ad4b3c7d9edda8d
SHA2569800599917ca9d73e9dbb9aab546953e04b049c5c07170206a2c8c498d3cf832
SHA512383e8c9e29a53970b6adf6477bc122f144e1a2bf3a1672eaf61fed0f0ed4a448e5ca7db88b61755968a039a9a52c6d0f7741811939157956bb7bd69aab2391c6
-
Filesize
168KB
MD520d1502b4b1c853156f4fd5d25734d53
SHA1580962e3f515a527c050ac1061d7c1214ac7d83a
SHA256dbe2b629d7ecd4d080ba36a1ffa797078bb6a67fa278040e964493ec8752c818
SHA512706f34ed4496a4616e0b4b8754f82a51e91efed4d745b050b3ec8c25036176c307e74e49af53c62a148b6c92eebe5ec77a4afe4439fe9e55a2dbfcb28ea6b48b
-
Filesize
4KB
-
Filesize
192KB
-
Filesize
24KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
7.7MB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
7.7MB