Analysis
-
max time kernel
131s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
05-12-2024 09:54
Behavioral task
behavioral1
Sample
91a8f7d02e805f34c1971243baf8f91d45ea8f23996eda1d4bb9e33dc6d05693.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
91a8f7d02e805f34c1971243baf8f91d45ea8f23996eda1d4bb9e33dc6d05693.exe
Resource
win10v2004-20241007-en
General
-
Target
91a8f7d02e805f34c1971243baf8f91d45ea8f23996eda1d4bb9e33dc6d05693.exe
-
Size
168KB
-
MD5
57dff738f24a6ceb1914d1bf27ac3124
-
SHA1
f04c772d034bb9a6f704952ccdafd756bd4216c8
-
SHA256
91a8f7d02e805f34c1971243baf8f91d45ea8f23996eda1d4bb9e33dc6d05693
-
SHA512
b7f822cdd6c8eb6e46c86f9252597537ddffebd35040e867e818b59f804fcb28aab33540961741abe97eb0f94b4a76c07ec96d4ff4f737b6f7820a9fce559cc3
-
SSDEEP
3072:8kmfv4r8W2qTvI2t2qVwoMTOIkvl98e8hgm:gfvhZ/Rfkvl9C
Malware Config
Extracted
redline
mixa
185.161.248.75:4132
-
auth_value
9d14534b25ac495ab25b59800acf3bb2
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral2/memory/4260-1-0x0000000000930000-0x000000000095E000-memory.dmp family_redline -
Redline family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 91a8f7d02e805f34c1971243baf8f91d45ea8f23996eda1d4bb9e33dc6d05693.exe