Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
17/11/2024, 10:03 UTC
Behavioral task
behavioral1
Sample
d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
Resource
win10v2004-20241007-en
General
-
Target
d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
-
Size
168KB
-
MD5
43ca4de43eeb3fcc9ea660d02e7aacf0
-
SHA1
79cc03bdf3d00e3df73849b8d92f3c7e3a30619e
-
SHA256
d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723
-
SHA512
da92862c3e154214c979dacaca4856a1914a291111df9e059e919706e3f918a574bf57c4fbe9bdab7bf75cb930b63cfc52c768c64861d0bdcfafb61604412c6b
-
SSDEEP
3072:uJaohQaSe5clFcb0iCKbqVsTQZxTcVL8e8h2:uJteaSe5clhiVwxTcVL
Malware Config
Extracted
redline
mazda
217.196.96.56:4138
-
auth_value
3d2870537d84a4c6d7aeecd002871c51
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral1/memory/2280-1-0x0000000000F00000-0x0000000000F30000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
Processes
Network
- No results found
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3