Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2024 13:53

General

  • Target

    dc39a29c04045f125e1c5616871233d85463c67787413d9d412eb4e72415753d.exe

  • Size

    223KB

  • MD5

    6879f050fbb237b164ff8a4d3f1b41dc

  • SHA1

    61d7172a465918eecac8958eb07cbbd345d086ed

  • SHA256

    dc39a29c04045f125e1c5616871233d85463c67787413d9d412eb4e72415753d

  • SHA512

    fd228bc3ce5e3bec6ded587122203fcb3097b8437dfc41aa4b652b2b0c08513f06a9154a53007c42fd49c8b9f24344515d3032115cd371b2ce001e2f7815ad2e

  • SSDEEP

    6144:E+57amV8gvw9jbqViDlTiwmJSo5a+yzi/NyS:h5umvvw5WEMXvObS

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Redline family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc39a29c04045f125e1c5616871233d85463c67787413d9d412eb4e72415753d.exe
    "C:\Users\Admin\AppData\Local\Temp\dc39a29c04045f125e1c5616871233d85463c67787413d9d412eb4e72415753d.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1372-0-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

  • memory/1372-1-0x0000000000F40000-0x0000000000F70000-memory.dmp

    Filesize

    192KB

  • memory/1372-2-0x00000000746A0000-0x0000000074D8E000-memory.dmp

    Filesize

    6.9MB

  • memory/1372-3-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

  • memory/1372-4-0x00000000746A0000-0x0000000074D8E000-memory.dmp

    Filesize

    6.9MB