redline | d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/11/2024, 10:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
Size

168KB
MD5

43ca4de43eeb3fcc9ea660d02e7aacf0
SHA1

79cc03bdf3d00e3df73849b8d92f3c7e3a30619e
SHA256

d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723
SHA512

da92862c3e154214c979dacaca4856a1914a291111df9e059e919706e3f918a574bf57c4fbe9bdab7bf75cb930b63cfc52c768c64861d0bdcfafb61604412c6b
SSDEEP

3072:uJaohQaSe5clFcb0iCKbqVsTQZxTcVL8e8h2:uJteaSe5clhiVwxTcVL

Score

10^/10

redline mazda discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

mazda

217.196.96.56:4138

Attributes

auth_value
3d2870537d84a4c6d7aeecd002871c51

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2280-1-0x0000000000F00000-0x0000000000F30000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe

C:\Users\Admin\AppData\Local\Temp\d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe
"C:\Users\Admin\AppData\Local\Temp\d15b9472e55acfaa99bbaff7cf5d6bf7e4a74a3c931392a90d24b59f1b46a723N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2280-0-0x00000000745BE000-0x00000000745BF000-memory.dmp

Filesize
4KB

Download
memory/2280-1-0x0000000000F00000-0x0000000000F30000-memory.dmp

Filesize
192KB

Download
memory/2280-2-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2280-3-0x00000000745B0000-0x0000000074C9E000-memory.dmp

Filesize
6.9MB

Download
memory/2280-4-0x00000000745BE000-0x00000000745BF000-memory.dmp

Filesize
4KB

Download
memory/2280-5-0x00000000745B0000-0x0000000074C9E000-memory.dmp

Filesize
6.9MB

Download