Analysis
max time kernel: 132s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-12-2024 14:01
Behavioral task: behavioral1
Sample: e1d0fe3bada7fdec17d7279e6294731e2684399905f05e5a3449ba14542b1379.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: e1d0fe3bada7fdec17d7279e6294731e2684399905f05e5a3449ba14542b1379.exe
Resource: win10v2004-20241007-en
General
Target: e1d0fe3bada7fdec17d7279e6294731e2684399905f05e5a3449ba14542b1379.exe
Size: 304KB
MD5: 0f02da56dab4bc19fca05d6d93e74dcf
SHA1: a809c7e9c3136b8030727f128004aa2c31edc7a9
SHA256: e1d0fe3bada7fdec17d7279e6294731e2684399905f05e5a3449ba14542b1379
SHA512: 522ec9042680a94a73cefa56e7902bacb166e23484f041c9e06dce033d3d16d13f7508f4d1e160c81198f61aa8c9a5aecfa62068150705ecf4803733f7e01ded
SSDEEP: 3072:wq6EgY6imrUjTBUzwPC24EowndGt16TAHtASi6lcZqf7D34leqiOLibBOw:zqY6i8wPeEZndGtMTANAUlcZqf7DIvL
Malware Config
Extracted: redline
BUY TG @FATHEROFCARDERS
45.66.231.214:9932
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoCs)
resource: behavioral2/memory/2160-1-0x0000000000410000-0x0000000000462000-memory.dmp
yara_rule: family_redline

Redline family

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: e1d0fe3bada7fdec17d7279e6294731e2684399905f05e5a3449ba14542b1379.exe