redline | ff505670ae62fd1bfca0bf10d8cfb7874e3f5d5c823f5c8acf9e796cda5a1943

Analysis

max time kernel
19s
max time network
21s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-12-2024 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

1.1MB
MD5

8402ded9b2f0c07d7aca42ffc021faa7
SHA1

3da8599a38ad4c3a51ea4316273d648982aa3161
SHA256

aa8480766448a63a9e7d3f5463ceb7c0539148d42412cfe4ec9572edf97f4bba
SHA512

68e23954f73259708bdc4d384c10442d8d06a40a540758925126e58769b9f6dd3f6f8a3a2beebc28029ba97e657ff173de1dc2ad793f20da0581317df5161d26
SSDEEP

24576:drbA4ECQP2Qh7C0zobAtHOMDuhvZ33XYdE/fLKi+3JG7Dc:BWP2Qh7CSobsCh1F3MCDc

Score

10^/10

redline @dsadasdasd1 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@dsadasdasd1

45.15.156.155:80

Attributes

auth_value
e2637596f93702084676494f7e0c2dfd

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/4192-2-0x00000000106F0000-0x0000000010718000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4192-0-0x00000000021A0000-0x00000000021CB000-memory.dmp

Filesize
172KB

Download
memory/4192-1-0x000000007434E000-0x000000007434F000-memory.dmp

Filesize
4KB

Download
memory/4192-2-0x00000000106F0000-0x0000000010718000-memory.dmp

Filesize
160KB

Download
memory/4192-3-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-4-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-5-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-7-0x0000000010EB0000-0x00000000114C8000-memory.dmp

Filesize
6.1MB

Download
memory/4192-6-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-9-0x00000000136D0000-0x00000000136E2000-memory.dmp

Filesize
72KB

Download
memory/4192-8-0x0000000012B60000-0x0000000012C6A000-memory.dmp

Filesize
1.0MB

Download
memory/4192-10-0x0000000013A10000-0x0000000013A4C000-memory.dmp

Filesize
240KB

Download
memory/4192-11-0x0000000013A70000-0x0000000013ABC000-memory.dmp

Filesize
304KB

Download
memory/4192-12-0x00000000021A0000-0x00000000021CB000-memory.dmp

Filesize
172KB

Download
memory/4192-13-0x000000007434E000-0x000000007434F000-memory.dmp

Filesize
4KB

Download
memory/4192-14-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-15-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-16-0x0000000074340000-0x0000000074AF1000-memory.dmp

Filesize
7.7MB

Download