Analysis
-
max time kernel
119s -
max time network
114s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
13-11-2024 20:32
Behavioral task
behavioral1
Sample
b644eef5d770dbf32ee4f8cfd4adee5b20903343731cfc534f00ebfdad22ce05N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b644eef5d770dbf32ee4f8cfd4adee5b20903343731cfc534f00ebfdad22ce05N.exe
Resource
win10v2004-20241007-en
General
-
Target
b644eef5d770dbf32ee4f8cfd4adee5b20903343731cfc534f00ebfdad22ce05N.exe
-
Size
175KB
-
MD5
1525426eb530090f2ea448a20dcd8c70
-
SHA1
2a664333c6ce5be3628f49a548ff4c7fa990932d
-
SHA256
b644eef5d770dbf32ee4f8cfd4adee5b20903343731cfc534f00ebfdad22ce05
-
SHA512
de6cfcdd509bb8de75b060c925ecab360739a73220e30a3e46ef0a559fdb429e4e630fbc2628cc10595de8d9cfb63d3eb4af2b50cf0e8d6d5810d53167d37a8b
-
SSDEEP
3072:6xqZWFFa7E6T8v1YFD8+e/5N8h9v7xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jw:oqZcviFIB8h5
Malware Config
Extracted
redline
zaza
176.113.115.145:4125
-
auth_value
48bf44c663fe3c1035fb4dd0b91fde5d
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1956-1-0x00000000003C0000-0x00000000003F2000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
b644eef5d770dbf32ee4f8cfd4adee5b20903343731cfc534f00ebfdad22ce05N.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b644eef5d770dbf32ee4f8cfd4adee5b20903343731cfc534f00ebfdad22ce05N.exe