redline | feef3bb6a20470ff5aaed87d01609742eb1201fda6759a5a4c92652f74c05549

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feef3bb6a20470ff5aaed87d01609742eb1201fda6759a5a4c92652f74c05549.exe
Size

136KB
MD5

0366bd6ab3a5b4050488eaf63a37b51d
SHA1

898c6b1144e8fd1999c3e7aa9aeb54d4a4496ca8
SHA256

feef3bb6a20470ff5aaed87d01609742eb1201fda6759a5a4c92652f74c05549
SHA512

e3b4418c7840ccd3eb433b0cb4e88e2952cc2f44dfd68cbb61d9c33b9c33c111a0f47970349fd6b80f6f0a7886da40abd4cbda8e4c35825cf0ef5ae6c702161d
SSDEEP

1536:BMi4rQ8qOCqm36k0BXlObJt6fh4C5hbV/hN0sA9sYgibfbFDKsRjK:OxrQ8qOTF8d64GJd/0sAyYgafJljK

Score

10^/10

redline discovery infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/4588-1-0x0000000000160000-0x0000000000188000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	feef3bb6a20470ff5aaed87d01609742eb1201fda6759a5a4c92652f74c05549.exe

C:\Users\Admin\AppData\Local\Temp\feef3bb6a20470ff5aaed87d01609742eb1201fda6759a5a4c92652f74c05549.exe
"C:\Users\Admin\AppData\Local\Temp\feef3bb6a20470ff5aaed87d01609742eb1201fda6759a5a4c92652f74c05549.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4588-0-0x000000007533E000-0x000000007533F000-memory.dmp

Filesize
4KB

Download
memory/4588-1-0x0000000000160000-0x0000000000188000-memory.dmp

Filesize
160KB

Download
memory/4588-2-0x0000000007580000-0x0000000007B98000-memory.dmp

Filesize
6.1MB

Download
memory/4588-3-0x0000000006FF0000-0x0000000007002000-memory.dmp

Filesize
72KB

Download
memory/4588-4-0x0000000007120000-0x000000000722A000-memory.dmp

Filesize
1.0MB

Download
memory/4588-5-0x0000000007050000-0x000000000708C000-memory.dmp

Filesize
240KB

Download
memory/4588-6-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/4588-7-0x0000000002410000-0x000000000245C000-memory.dmp

Filesize
304KB

Download
memory/4588-8-0x000000007533E000-0x000000007533F000-memory.dmp

Filesize
4KB

Download
memory/4588-9-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download