redline | 918d5123e77e6f0b7189ec8b0da7ba63e06a882fdf6a48210f6c84dae5a2d18b

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_76cef50e098414de32af52988d891cff.exe
Size

446KB
MD5

76cef50e098414de32af52988d891cff
SHA1

f0ab7616717c8c0fb8a3ff64cbe684e04617f74d
SHA256

918d5123e77e6f0b7189ec8b0da7ba63e06a882fdf6a48210f6c84dae5a2d18b
SHA512

1e2178b003aa79fe4e8340c13c268f2dc7aa35b4db901b91b042bbedcd917282a477fd09c980fc710d195c66d0ea6367e0ebd87a5b7412ca3885eb0003f46376
SSDEEP

12288:PGI/6PYGQqGlpRFBWIrqjJ5nHclq5h0A+tt:PGI/6PYBJXWIrqLHT5Qt

Score

10^/10

redline discovery infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/3000-2-0x0000000005A80000-0x0000000005AC6000-memory.dmp	family_redline
behavioral1/memory/3000-4-0x0000000005B10000-0x0000000005B54000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_76cef50e098414de32af52988d891cff.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_76cef50e098414de32af52988d891cff.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_76cef50e098414de32af52988d891cff.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3000-1-0x0000000000400000-0x00000000016E2000-memory.dmp

Filesize
18.9MB

Download
memory/3000-2-0x0000000005A80000-0x0000000005AC6000-memory.dmp

Filesize
280KB

Download
memory/3000-3-0x0000000000400000-0x00000000016E2000-memory.dmp

Filesize
18.9MB

Download
memory/3000-4-0x0000000005B10000-0x0000000005B54000-memory.dmp

Filesize
272KB

Download
memory/3000-6-0x0000000000400000-0x00000000016E2000-memory.dmp

Filesize
18.9MB

Download