redline | 62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9N.exe
Size

168KB
MD5

46eb52fce5d4072d90de6c39a389c390
SHA1

97304f9e710a75bb1a3e2fe9207725629231be8e
SHA256

62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9
SHA512

b47c66821ef8cc37bc8b5b54b84911416320741bbad541a0e2150a31dc1a3df16a4a514e99e2bb6142e06d32d17dd670cd26b4e54feb32128c5708c35772d335
SSDEEP

3072:iKAauIg8WXywg4y1LqVcwUN2rRK0J8e8hx:iKAfrszeRK0J

Score

10^/10

redline divan discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

divan

217.196.96.102:4132

Attributes

auth_value
b414986bebd7f5a3ec9aee0341b8e769

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1824-1-0x00000000008E0000-0x000000000090E000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9N.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9N.exe

C:\Users\Admin\AppData\Local\Temp\62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9N.exe
"C:\Users\Admin\AppData\Local\Temp\62701743e7873627246728a2c9ea0f47bb2e7496df52635864e26adeb0a4f4b9N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-0-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/1824-1-0x00000000008E0000-0x000000000090E000-memory.dmp

Filesize
184KB

Download
memory/1824-2-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1824-3-0x0000000074B90000-0x000000007527E000-memory.dmp

Filesize
6.9MB

Download
memory/1824-4-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/1824-5-0x0000000074B90000-0x000000007527E000-memory.dmp

Filesize
6.9MB

Download