Overview

overview

10

Static

static

3

767101d80b...12.exe

windows7-x64

10

767101d80b...12.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    110s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2024 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    767101d80bdc07b437efdf837f58cfa85e73dcc1e3bbb6814f888536bd59da12.exe

  • Size

    839KB

  • MD5

    9addc320bb3b89422541a70e26f1879b

  • SHA1

    b4f96a50d61faaf61325f0288e02db97447529fe

  • SHA256

    767101d80bdc07b437efdf837f58cfa85e73dcc1e3bbb6814f888536bd59da12

  • SHA512

    3e6e51998ef55ffe532f5c72138efeb40a7f47cffc19c38ee51c756bd96cc131ec2cabf95f26cf441d3875c6b862d685e4733197b81460506e54a7a177c1775f

  • SSDEEP

    12288:YL7CSb2gLre1WYMEUSILvWdbGSexg+rrMgpAz47kDLj/BRsDklNsS6:27rPfeECUbLAneq06uk/j5Rs4lWS6

Score
10/10
redline@f1gasebediscoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

@F1gaSebe

C2

95.181.152.6:46927

Attributes
  • auth_value

    cdf3919a262c0d6ba99116b375d7551c

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\767101d80bdc07b437efdf837f58cfa85e73dcc1e3bbb6814f888536bd59da12.exe
    "C:\Users\Admin\AppData\Local\Temp\767101d80bdc07b437efdf837f58cfa85e73dcc1e3bbb6814f888536bd59da12.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2708-0-0x0000000000470000-0x000000000049E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-7-0x0000000000470000-0x000000000049E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-8-0x00000000751FE000-0x00000000751FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-9-0x00000000009E0000-0x0000000000A00000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2708-10-0x00000000751F0000-0x00000000759A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2708-12-0x0000000005300000-0x0000000005918000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2708-11-0x00000000751F0000-0x00000000759A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2708-13-0x00000000751F0000-0x00000000759A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2708-14-0x0000000002970000-0x0000000002982000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2708-15-0x0000000005140000-0x000000000524A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2708-16-0x0000000005250000-0x000000000528C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2708-17-0x0000000005920000-0x000000000596C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2708-18-0x00000000751F0000-0x00000000759A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2708-19-0x00000000751FE000-0x00000000751FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-20-0x00000000751F0000-0x00000000759A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2708-21-0x0000000000550000-0x0000000000628000-memory.dmp

    Filesize

    864KB

    Download