Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/11/2024, 10:03 UTC

General

  • Target

    d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe

  • Size

    168KB

  • MD5

    43ca4de43eeb3fcc9ea660d02e7aacf0

  • SHA1

    79cc03bdf3d00e3df73849b8d92f3c7e3a30619e

  • SHA256

    d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723

  • SHA512

    da92862c3e154214c979dacaca4856a1914a291111df9e059e919706e3f918a574bf57c4fbe9bdab7bf75cb930b63cfc52c768c64861d0bdcfafb61604412c6b

  • SSDEEP

    3072:uJaohQaSe5clFcb0iCKbqVsTQZxTcVL8e8h2:uJteaSe5clhiVwxTcVL

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes
  • auth_value

    3d2870537d84a4c6d7aeecd002871c51

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Redline family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe"
    PID: 2280
    • System Location Discovery: System Language Discovery

Network

  TCP flows (destination, process, bytes transferred, count); the other network views of this run report no results. Each flow carries only 152 B, so no stealer data left the host during the analysis window.

  • 217.196.96.56:4138 | d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe | 152 B | 3
  • 217.196.96.56:4138 | d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe | 152 B | 3
  • 217.196.96.56:4138 | d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe | 152 B | 3
  • 217.196.96.56:4138 | d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe | 152 B | 3
  • 217.196.96.56:4138 | d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe | 152 B | 3
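The hashes in the General section and the C2 endpoint in the Malware Config section are the indicators an analyst would push into detection. The following is an added example, not part of the sandbox output: it copies those indicators verbatim, checks a file's digests against them, and scans Zeek-style conn.log rows for flows to the C2, reporting whether the connection was ever answered. The conn.log lines and the bytes hashed are constructed test data, not captures from this run.

```python
"""IOC matcher for the indicators in this report.

Added example, not part of the sandbox output. The file hashes and the C2
endpoint are copied verbatim from the General and Malware Config sections;
the Zeek-style conn.log lines and the file bytes fed to the hash check are
constructed test data.
"""
import hashlib

# Indicators taken verbatim from the report.
C2_HOST, C2_PORT = "217.196.96.56", 4138
KNOWN_HASHES = {
    "md5": "43ca4de43eeb3fcc9ea660d02e7aacf0",
    "sha1": "79cc03bdf3d00e3df73849b8d92f3c7e3a30619e",
    "sha256": "d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723",
}

# Constructed Zeek conn.log excerpt. Field order follows the default conn.log
# layout for the first twelve columns: ts uid id.orig_h id.orig_p id.resp_h
# id.resp_p proto service duration orig_bytes resp_bytes conn_state.
# The two C2 rows model an unanswered connection attempt (conn_state S0),
# which is what a sandbox sees when the server is down or filtering.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1731837800.100\tCk1aB2\t10.0.0.5\t49672\t217.196.96.56\t4138\ttcp\t-\t3.0\t0\t0\tS0
1731837801.200\tCk2cD3\t10.0.0.5\t49673\t93.184.216.34\t443\ttcp\tssl\t1.2\t517\t3200\tSF
1731837802.300\tCk3eF4\t10.0.0.5\t49674\t217.196.96.56\t4138\ttcp\t-\t3.0\t0\t0\tS0
"""

# Zeek conn_state values meaning the responder never completed a handshake.
UNANSWERED_STATES = {"S0", "REJ", "RSTOS0"}


def hash_bytes(data: bytes) -> dict:
    """Compute the same three digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's digest for that algorithm."""
    digests = hash_bytes(data)
    return any(digests[algo] == expected for algo, expected in KNOWN_HASHES.items())


def find_c2_flows(conn_log: str) -> list:
    """Return conn.log rows whose responder is the configured C2 ip:port.

    Each hit records the originator, the bytes it sent and whether the
    connection was ever answered, so an analyst can tell a live C2 session
    from a dead one without opening the pcap.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 12:
            continue  # truncated row; skip rather than misparse
        resp_h, resp_p, state = f[4], int(f[5]), f[11]
        if resp_h == C2_HOST and resp_p == C2_PORT:
            hits.append({
                "uid": f[1],
                "orig": f"{f[2]}:{f[3]}",
                "orig_bytes": 0 if f[9] == "-" else int(f[9]),
                "answered": state not in UNANSWERED_STATES,
            })
    return hits


if __name__ == "__main__":
    for hit in find_c2_flows(SAMPLE_CONN_LOG):
        print(hit)
    print("hash match on dummy bytes:", matches_known_sample(b"not the sample"))
```

Hash matching only catches this exact build; the C2 ip:port and the `answered` flag are the more durable signal, since a RedLine operator rotates binaries far more often than panel addresses.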

MITRE ATT&CK Enterprise v15

  • Discovery
    T1614.001 System Location Discovery: System Language Discovery


Downloads

  • memory/2280-0-0x00000000745BE000-0x00000000745BF000-memory.dmp

    Filesize

    4KB

  • memory/2280-1-0x0000000000F00000-0x0000000000F30000-memory.dmp

    Filesize

    192KB

  • memory/2280-2-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

  • memory/2280-3-0x00000000745B0000-0x0000000074C9E000-memory.dmp

    Filesize

    6.9MB

  • memory/2280-4-0x00000000745BE000-0x00000000745BF000-memory.dmp

    Filesize

    4KB

  • memory/2280-5-0x00000000745B0000-0x0000000074C9E000-memory.dmp

    Filesize

    6.9MB
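Six dumps cover only four distinct address ranges, and their sizes tell an analyst where to look first. The helper below is an added example, not part of the sandbox report: it parses the dump file names listed above (copied verbatim), groups repeated snapshots of the same range, and flags the range whose size is closest to the 168KB file as the candidate for the mapped executable. That size heuristic is an assumption of the example, not something the report states.

```python
"""Triage helper for the memory-dump list above.

Added example, not part of the sandbox report. The dump names are copied
verbatim from the Downloads list; the parsing and ranking logic is mine, and
the "likely image" rule is an assumption: a region whose size is close to
the 168KB on-disk size is a candidate for the mapped executable itself,
while the 6.9MB regions are far too large to be this sample.
"""
import re
from dataclasses import dataclass

DUMP_NAME = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied from the Downloads section above.
DUMPS = [
    "memory/2280-0-0x00000000745BE000-0x00000000745BF000-memory.dmp",
    "memory/2280-1-0x0000000000F00000-0x0000000000F30000-memory.dmp",
    "memory/2280-2-0x0000000000270000-0x0000000000276000-memory.dmp",
    "memory/2280-3-0x00000000745B0000-0x0000000074C9E000-memory.dmp",
    "memory/2280-4-0x00000000745BE000-0x00000000745BF000-memory.dmp",
    "memory/2280-5-0x00000000745B0000-0x0000000074C9E000-memory.dmp",
]

FILE_SIZE = 168 * 1024  # size of the submitted file, from the General section


@dataclass(frozen=True)
class Region:
    pid: int
    idx: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Region:
    """Parse 'memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp' into a Region."""
    m = DUMP_NAME.search(name)
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    return Region(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def unique_regions(names) -> dict:
    """Group dump indices by (start, end) so repeated snapshots of one range are seen together."""
    groups = {}
    for name in names:
        r = parse_dump_name(name)
        groups.setdefault((r.start, r.end), []).append(r.idx)
    return groups


def likely_image_regions(names, file_size=FILE_SIZE, slack=0.5) -> list:
    """Ranges no smaller than the file and at most (1+slack) times larger: image candidates.

    Assumption: a mapped PE image is usually a little larger than the file on
    disk because of section alignment, so this window selects the module
    itself rather than the heap (too small) or a loaded runtime DLL (too big).
    """
    return [
        (start, end)
        for (start, end) in unique_regions(names)
        if file_size <= end - start <= file_size * (1 + slack)
    ]


if __name__ == "__main__":
    for (start, end), idxs in unique_regions(DUMPS).items():
        print(f"0x{start:016X}-0x{end:016X} {end - start:>8} bytes dumps {idxs}")
    print("image candidates:", [f"0x{s:X}-0x{e:X}" for s, e in likely_image_regions(DUMPS)])
```

On this run the 0xF00000 range (192KB) is the one to open first; dumps 0 and 4, and 3 and 5, are the same ranges captured twice, so de-duplicating before analysis halves the work.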
