Analysis
max time kernel
110s
max time network
115s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
22-11-2024 09:36
Static task
static1
Behavioral task
behavioral1
Sample
149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656.exe
Resource
win10v2004-20241007-en
General
Target
149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656.exe
Size
855KB
MD5
6e85720374ce57edf27d7c6337fac3c5
SHA1
85e44dad1c1b96cc545b445a2e92de7ffd92f4e4
SHA256
149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656
SHA512
58ee7a86b8141ceba142e533f35bc62702ce2627a8083598fd31ef38f4bbf00ab255fd4327f19fb682d8a9031df3ec815519fd2e731098616ec5e94adfc1ce55
SSDEEP
12288:kwu0gA4e6F9c8TFY5BcQ5wUal7Ts+rHWqxETUnBupICs6Ttxy0b7igdt4fJZE:k+gAp+FYYQKUM7JbI97ign4RZE
Malware Config
Extracted
Family
redline
Botnet
@Iucky_man
C2
92.119.113.189:21746
Attributes
auth_value
de713911efa818890ac36085c9a0fc58
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload 4 IoCs
Processes:
resource                                                                      yara_rule
behavioral1/memory/1224-0-0x00000000003F0000-0x000000000041E000-memory.dmp    family_redline
behavioral1/memory/1224-7-0x00000000003F0000-0x000000000041E000-memory.dmp    family_redline
behavioral1/memory/1224-9-0x00000000004F0000-0x000000000050E000-memory.dmp    family_redline
behavioral1/memory/1224-13-0x00000000003F0000-0x000000000041E000-memory.dmp   family_redline
Redline family
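The four YARA hits above are repeated snapshots of the same process (pid 1224), not four separate payloads: three of them cover one region and the fourth a second, smaller one. The Python below is an added example, not part of the sandbox report; it assumes only that the dump names follow the pattern visible in the table (task/memory/pid-seq-0xstart-0xend-memory.dmp) and collapses the hits onto the distinct memory regions they describe, which is what you would carve out for further static analysis.

```python
"""Parse the memory-dump IoC names from the 'RedLine payload' signature.

Added example, not part of the sandbox report. It assumes that each dump
name has the form observed in the report (not a documented API):

    <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp

and collapses the hits onto the distinct memory regions they describe.
"""
import re
from dataclasses import dataclass

# The four dump names exactly as listed in the report.
REDLINE_HITS = [
    "behavioral1/memory/1224-0-0x00000000003F0000-0x000000000041E000-memory.dmp",
    "behavioral1/memory/1224-7-0x00000000003F0000-0x000000000041E000-memory.dmp",
    "behavioral1/memory/1224-9-0x00000000004F0000-0x000000000050E000-memory.dmp",
    "behavioral1/memory/1224-13-0x00000000003F0000-0x000000000041E000-memory.dmp",
]

_DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpHit:
    task: str
    pid: int
    seq: int    # snapshot sequence number within the task
    start: int  # region start address
    end: int    # region end address (exclusive)

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpHit:
    """Split one dump name into its fields; raise on anything unexpected."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return DumpHit(
        m["task"], int(m["pid"]), int(m["seq"]),
        int(m["start"], 16), int(m["end"], 16),
    )


def distinct_regions(names):
    """Return {(pid, start, end): [seq, ...]} so that repeated hits on the
    same region are visible as one region with several snapshots."""
    regions = {}
    for n in names:
        h = parse_dump_name(n)
        regions.setdefault((h.pid, h.start, h.end), []).append(h.seq)
    return regions


if __name__ == "__main__":
    for (pid, start, end), seqs in distinct_regions(REDLINE_HITS).items():
        print(f"pid {pid} 0x{start:X}-0x{end:X} "
              f"({end - start} bytes) hit at snapshots {seqs}")
```

Running it shows two regions: 0x3F0000-0x41E000 (188416 bytes, hit at snapshots 0, 7 and 13) and 0x4F0000-0x50E000 (hit once at snapshot 9). Both are small, non-image heap regions, which is what you expect for an unpacked .NET stealer body rather than the on-disk 855KB file.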
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host (MITRE ATT&CK T1614.001). Note that many legitimate programs read this key, so on its own it is a weak indicator.
Processes:
description    ioc                                                          Process
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656.exe
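The usable indicators from this report are the C2 socket from the extracted config, the sample hashes, and the NLS\Language registry read. The Python below is an added example, not part of the sandbox report, that sweeps log lines for those three. The indicator values are copied from the report; the log lines and their field layouts (dst=ip:port flows, sha256= file events, key="..." registry events) are constructed for the demonstration and do not correspond to a real product's format. One practitioner caveat is built in: the sandbox reports the NT object path with ControlSet001, while host telemetry usually shows HKLM\SYSTEM\CurrentControlSet, so the key is normalised before comparison or the IoC would never match.

```python
"""Sweep constructed log lines for the indicators in this report.

Added example, not part of the sandbox report. The indicator values are
copied from the report; the log lines and their field layouts are
constructed for the demonstration and are not a real product's format.
"""
import re

# Indicators taken verbatim from the report.
C2_HOST = "92.119.113.189"
C2_PORT = 21746
SAMPLE_SHA256 = "149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656"
NLS_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"

_CONTROLSET = re.compile(r"\\SYSTEM\\(CONTROLSET\d{3}|CURRENTCONTROLSET)\\")


def normalise_key(key: str) -> str:
    """Fold the NT object path reported by the sandbox and the HKLM form
    seen in host telemetry onto one spelling. ControlSet00N and
    CurrentControlSet normally name the same hive on a live host, so they
    are folded too; otherwise the sandbox IoC never matches a real event."""
    k = key.upper()
    for prefix in ("\\REGISTRY\\MACHINE\\", "HKEY_LOCAL_MACHINE\\"):
        if k.startswith(prefix):
            k = "HKLM\\" + k[len(prefix):]
            break
    return _CONTROLSET.sub(lambda m: "\\SYSTEM\\CURRENTCONTROLSET\\", k)


NLS_KEY_NORM = normalise_key(NLS_KEY)


def classify_flow(line: str):
    """'c2_connection' for the exact C2 socket, 'c2_host_other_port' for
    any other traffic to the C2 address, None otherwise."""
    m = re.search(r"dst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)", line)
    if not m or m.group(1) != C2_HOST:
        return None
    return "c2_connection" if int(m.group(2)) == C2_PORT else "c2_host_other_port"


def is_known_sample(line: str) -> bool:
    """File event carrying the SHA256 of this sample."""
    m = re.search(r"sha256=([0-9a-fA-F]{64})", line)
    return bool(m) and m.group(1).lower() == SAMPLE_SHA256


def is_language_discovery(line: str) -> bool:
    """Registry open of the NLS\\Language key (ATT&CK T1614.001). Many
    benign programs read this key, so treat it as context, not an alert."""
    m = re.search(r'key="([^"]+)"', line)
    return bool(m) and normalise_key(m.group(1)) == NLS_KEY_NORM


def sweep(lines):
    """Return [(line_number, label), ...] for every indicator hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        flow = classify_flow(line)
        if flow:
            hits.append((n, flow))
        if is_known_sample(line):
            hits.append((n, "known_sample_hash"))
        if is_language_discovery(line):
            hits.append((n, "t1614_001_language_discovery"))
    return hits


# Constructed log lines (not real telemetry); 10.0.0.0/8 and 203.0.113.0/24
# are private / documentation ranges.
SAMPLE_LOG = [
    r"flow src=10.0.0.5:49213 dst=92.119.113.189:21746 proto=tcp",
    r"flow src=10.0.0.5:49214 dst=92.119.113.189:443 proto=tcp",
    r"file create path=C:\Users\user\Downloads\setup.exe sha256=149cf2cb1e68fad5a9153cdb95abf2816270126c9f6f51b720b15a5bb6812656",
    r'reg open pid=1224 key="HKLM\SYSTEM\CurrentControlSet\Control\NLS\Language"',
    r'reg open pid=4 key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"',
    r"flow src=10.0.0.5:49215 dst=203.0.113.7:443 proto=tcp",
]

if __name__ == "__main__":
    for n, label in sweep(SAMPLE_LOG):
        print(f"line {n}: {label}")
```

Traffic to the C2 address on a port other than 21746 is reported under its own label rather than dropped, because RedLine operators reuse hosts and the port in a config is only one snapshot; whether that is alert-worthy is a policy decision for your environment.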