redline | b90f904116403933251942864d79a96712911037ddbb1a7a0b4c855a2cbf8653

Analysis

max time kernel
133s
max time network
147s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b90f904116403933251942864d79a96712911037ddbb1a7a0b4c855a2cbf8653.exe
Size

169KB
MD5

d5d57cdfc580a14c859cc72824a2a470
SHA1

8cc6d7e7f22f5e7ea7be36b23e05d11dc38757b4
SHA256

b90f904116403933251942864d79a96712911037ddbb1a7a0b4c855a2cbf8653
SHA512

60833cd2fc0c93b8f4df2bedb56f903cb71221773c62a08a3cc3e2a22fadc83d1c17087c9d8ee132478104190ebdd10050f0673aee3ac4d206271d6aef23d08b
SSDEEP

1536:19FKuQhqlVZRGWWwZrC3T3AHHnpX9rQTGqVIbumugSeIsfcNm83wYk08e8hk:1jPQN93rUpXbqV4MoIsfcNmC8e8hk

Score

10^/10

redline dante discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

dante

185.161.248.73:4164

Attributes

auth_value
f4066af6b8a6f23125c8ee48288a3f90

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/796-1-0x0000000000280000-0x00000000002B0000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b90f904116403933251942864d79a96712911037ddbb1a7a0b4c855a2cbf8653.exe

C:\Users\Admin\AppData\Local\Temp\b90f904116403933251942864d79a96712911037ddbb1a7a0b4c855a2cbf8653.exe
"C:\Users\Admin\AppData\Local\Temp\b90f904116403933251942864d79a96712911037ddbb1a7a0b4c855a2cbf8653.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/796-0-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/796-1-0x0000000000280000-0x00000000002B0000-memory.dmp

Filesize
192KB

Download
memory/796-2-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/796-3-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/796-4-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/796-5-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download