redline | fba5824a7c708acf5edd57c8f6265534ad461c425b9a85238584721abb819177

Analysis

max time kernel
131s
max time network
141s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fba5824a7c708acf5edd57c8f6265534ad461c425b9a85238584721abb819177.exe
Size

175KB
MD5

9e7b549904454831cb6afb12bc7af5f7
SHA1

c2fd91eb8a54935bad49e544b4a39c7479df003d
SHA256

fba5824a7c708acf5edd57c8f6265534ad461c425b9a85238584721abb819177
SHA512

fc659d442365295b5d0f12674f7250ac231f1a5ba64f48c04aa9fb8ce811b541c2b2cfd267b97c50c29fda9f54d943a93a98f06a9175fb40935652bddae76b92
SSDEEP

3072:6xqZWBJaHEDgXTzzfMK8emA9Xh8fxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOF:oqZVTPfBbXhG

Score

10^/10

redline dunkan discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

dunkan

193.233.20.24:4123

Attributes

auth_value
505c396c57c6287fc3fdc5f3aeab0819

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2356-1-0x00000000011F0000-0x0000000001222000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fba5824a7c708acf5edd57c8f6265534ad461c425b9a85238584721abb819177.exe

C:\Users\Admin\AppData\Local\Temp\fba5824a7c708acf5edd57c8f6265534ad461c425b9a85238584721abb819177.exe
"C:\Users\Admin\AppData\Local\Temp\fba5824a7c708acf5edd57c8f6265534ad461c425b9a85238584721abb819177.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-0-0x00000000749BE000-0x00000000749BF000-memory.dmp

Filesize
4KB

Download
memory/2356-1-0x00000000011F0000-0x0000000001222000-memory.dmp

Filesize
200KB

Download
memory/2356-2-0x00000000749B0000-0x000000007509E000-memory.dmp

Filesize
6.9MB

Download
memory/2356-3-0x00000000749BE000-0x00000000749BF000-memory.dmp

Filesize
4KB

Download
memory/2356-4-0x00000000749B0000-0x000000007509E000-memory.dmp

Filesize
6.9MB

Download