redline | 60611944cc71843ed640dd7151e35eb00b2453c0f608036e5c8884b1d5bcdd6d

Resubmissions

11-01-2025 16:50

250111-vcdeyatngz 10

11-01-2025 16:46

250111-t912tstnds 10

Analysis

max time kernel
132s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

build.exe
Size

300KB
MD5

793a2333af696d2063acda7a2e306540
SHA1

a87c79bdc1ef2916cf3b4943cefcdaab684cc525
SHA256

60611944cc71843ed640dd7151e35eb00b2453c0f608036e5c8884b1d5bcdd6d
SHA512

46d9838f54d04245b894162a8b5025a1940a3e2b05ff28e292f65c9def50c8d9ce06fa9a3cec4846a2400248811ec71b85b6de843a42e8e735f819a732aad81e
SSDEEP

3072:BcZqf7D34+p/0+mA+kyIoMQIgNmB1fA0PuTVAtkxzTa3RneqiOL2bBOA:BcZqf7DIGnEn8B1fA0GTV8kFe7L

Score

10^/10

redline sv0st discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

SV0ST

mbaper-28496.portmap.host:28833

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/4412-1-0x00000000003C0000-0x0000000000412000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe

C:\Users\Admin\AppData\Local\Temp\build.exe
"C:\Users\Admin\AppData\Local\Temp\build.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BlockRemove.htm

Filesize
106KB

MD5
7c0cd92e7fffc8e53b1f5b26f9e7955c

SHA1
4b116234e1ab5046da4e180042df0a6c4c46df4a

SHA256
10204fa840fdd954529553c54617e9c25288f7bb0888d9758feccaa227a90d9d

SHA512
da8ee0579ae0c439af2cfec2bd50a5f65ba87c6352abd6044c754e2c05190327c547c1562724c00a6d5134586227446fd31074b84e39e35726138dd4ae2274c6

Download Submit
C:\Users\Admin\Desktop\BlockTrace.cr2

Filesize
98KB

MD5
be34d766313b7ffac840fac8888e613d

SHA1
3eca9fea6d07a949bd8114806036c077fd34ed33

SHA256
ab0e76d1f1f7e276df00ca10ecebb38531edd937d507a62ae35e90e815449f5c

SHA512
a602be855cb8d3c32a0cc5cb869d89a0585af875854a00f70258f6b535e5b696d8ee9b885465da916c424d3aac25b75ea675bdbbfbe2c475cb54a4fea449889b

Download Submit
C:\Users\Admin\Desktop\ClearRestart.vsw

Filesize
386KB

MD5
b9548c9035097ffe875a7cc98d61a845

SHA1
f01f04c9bdfcf1f65772a9c295ab6c46cf5e1270

SHA256
05f887a9c499d6bcb444fd5b8a6c2898b56f330b2f2c2a80e97f178e4fbf5f67

SHA512
2f9fb753678126b2c841a66306c08851489f342e67dd87df69cb14864433f2790fcdd13c78343421710e6d4d1c1418d46a6a49144706186d796447e071d241b3

Download Submit
C:\Users\Admin\Desktop\ConnectEnter.dll

Filesize
174KB

MD5
065c23929a384fe0150801b7ba8875cf

SHA1
cdb516dd1c7034205d79fbd2ddfb0c45beaa4f32

SHA256
cc5b9f0c7b6517d5c02bbfc25ed456520b97d237b6507e1950e7513b88742018

SHA512
b9b67ddf6b53ac1843f1c237dab2afe80cc8a85ae2db5ef8005f94554af4f37a44e54240b6ff2f3352cd931cf2065df00373e2d906fda87658d275ba981edc09

Download Submit
C:\Users\Admin\Desktop\CopyJoin.xht

Filesize
265KB

MD5
354e4d769239c4451be86cc79a84fae7

SHA1
6716ef2029e63990e7d72be333634c175748d62a

SHA256
a0a8ed66eca91f0f00da8da9f81132f98875d2acbef6ece1fc8ba173bd431cff

SHA512
1a2f76f51e206413c2e199275a6d0b6351145183eb9eb72fedffd8dd6944d232a080c3073e32d5604f184d3aad345645de9b61967eaea8458756c4ae1c6096c0

Download Submit
C:\Users\Admin\Desktop\DenyMove.m1v

Filesize
204KB

MD5
81db751939c263dec1a544298e923630

SHA1
ad7ee0debedce706371bb89423dc17e792b66f43

SHA256
d58200b0c915b205c31ffa930e8853ef71442fa3985bafb7221b488080786827

SHA512
8872de8d3de79794ce17a6c92aa9fa70c76b90974fb7ebfd3b3db1269dbe2f66ee0c8406f98f63c7c78965c08b298a42f0b83b1bc04a52c39caccaf9c5db1fb9

Download Submit
C:\Users\Admin\Desktop\DisableStep.docx

Filesize
13KB

MD5
23ad4331b48c5855b12e61e6becad4cf

SHA1
c2d285730dec1e2f98c8c9ffc9143c3ef92f35ad

SHA256
0c6aba5c1834f7a04364b759752f55703fceec962c0ddf2b4edea1e78ac41e67

SHA512
54a83164b675a4c02770a4ef418cd16e6b75848b36d59f6ee3fa6f508a1e4cac62adde62df593d235bfbe49602699341597a7457a1f372cdf547b270cc6e9715

Download Submit
C:\Users\Admin\Desktop\DismountSuspend.docx

Filesize
19KB

MD5
86ec73591154c545fbf4a40f6ec0eed2

SHA1
b8a0829f30c84a86cc61f6634d4e47df96e09552

SHA256
c78c156ad05bbefc08e9d368d13737bbed8ee8f967e6df38460eb99beaf4312b

SHA512
014f83577d81f4e4ff98d31cb958104c8d99d89059a220efaf0289825a889897301395bd1cb2b74fe6ca5443b71a5805b566677c19a27aed6418a8f3590573dd

Download Submit
C:\Users\Admin\Desktop\EditUnpublish.midi

Filesize
257KB

MD5
ff0fa1ce482b6803ff6d39c5521aaf20

SHA1
14999355ac05df733928f81f426b98dea09517a6

SHA256
3e3e50241eb5e710a8b30b6f0e345e515fbfb21b9b410015627771d16f9839fe

SHA512
428c2ae911a67ae038334515692934f5005b779bd7f26a6d4619d2cccaa830d1da46c25d7e1bf9bfa63bcfcf307e9e464a5b4d6c47915c975ea09cff08699b9a

Download Submit
C:\Users\Admin\Desktop\ExportPublish.txt

Filesize
181KB

MD5
c3f39d0f15df1ec7adb5bcd749d72105

SHA1
97a8f292f2bec4574dd19f96b23c94aad8eb2448

SHA256
1bed3f8205a120d2d4d94051b3abfdd7d3469023875edfac387a4626227e7adc

SHA512
ea3e833e55c92f93738f331b06ee46c900050f2e850c8cb94688a5c25e65e4d8330532c836bf96c50acec1c103f9e6180bed95d642b06f76f0033f25fb2934bf

Download Submit
C:\Users\Admin\Desktop\GrantResize.xltx

Filesize
212KB

MD5
26d6cf6715a50e0fd42314e188a72f44

SHA1
78fe48437486d6a1de4c3c2680e2dfbaaf4994f7

SHA256
c4a5526057c0154fb7713c48ec064facc4eb21aa3aa63a41f5148552cb8bb06f

SHA512
1a14aaa9dd5d136b9f4b9b714914d6b997ad208ad9b1e9c047b732775436c63489d4f79f45e0f06777d40287eb62696572084a469cec3f42d5ab1748835877df

Download Submit
C:\Users\Admin\Desktop\HideConvertFrom.mov

Filesize
227KB

MD5
e30c4d21ef1a39b43060e36c54bbca43

SHA1
0aa9c4e8ac35bb74dc5404e1e0ebc55e25afab3a

SHA256
79bdc63d7f22d6e89005e8bb20685af0ebe96f0e37f0fc5f73d19f700d952790

SHA512
dd9cedbf19648e663bc3f418a564a25b6aa4aa60e0b422e940755bdfa0b4be0ff9f19ef4982a30da39c0f15b177063738633b0d6d0277df8cf536c0cc184aac4

Download Submit
C:\Users\Admin\Desktop\InitializeUpdate.docx

Filesize
18KB

MD5
f96013d8c0dcec823ec5e7859f0946a1

SHA1
ffc85808128e3a83ddf5f60ddb3a3a4bb68113ec

SHA256
89f92681088b144bac5bd2ab4b81c1a0649f9f547ecdabc93408ff849664d2ea

SHA512
12a1311219cbee6a91ecf31acd1a67f69bce730505563d7583ee0943e85849bcea9757b82baab31ef440496d261a10ff6f79cc8222e3765911285def0d91dee4

Download Submit
C:\Users\Admin\Desktop\JoinRead.png

Filesize
151KB

MD5
2981ba80d8b944fa5c2f931ba44a6211

SHA1
94e96829bafaec240ecb9c35040848e45e540ebe

SHA256
e6b23b20ba5e9bb94504f862471b8f9fea30f4bf217508457245e2ffdeb8d432

SHA512
3c8802301b25800b49f6c9566d6835de127ade5363991efc19e7b714fe691701b7d3dd1445dc93b133dc78e377a6874c1c208a5d1fb18472e079500fd1351c5a

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
898e4c605e6f80aa2c86e7fb916aafdd

SHA1
55dad04bc08f98c55771e6ee1ed87f200333afab

SHA256
f9f31cdf27c0594c4c592ee5291bbed211a1342633892d4cf5b2366744d6d860

SHA512
aa2ff20881373003efb04ed49ec556ae33dbc9996c2c3a513271ab9e055291edad3f9c5605c31e30dce883473dae8eeff7cbcb03f1538fcab08d62eb894994ad

Download Submit
C:\Users\Admin\Desktop\MountResume.odt

Filesize
280KB

MD5
0e60f1f9dff97369c833b3696a4431cb

SHA1
0b30625595b017683f86d2309198433533adac6a

SHA256
1ca078465d34b987980ff916fba02182351fd7a72244b1f9229f7187915ff1e6

SHA512
d9a0710ff643ad5a4c19d1895be77c50220f1fc2f354a52047b6a0629b6323f9d20afd771c84b6754c746ce1d8b0a1038726a128c23cbf9a034c53f773a2cce6

Download Submit
C:\Users\Admin\Desktop\OptimizeReset.docx

Filesize
16KB

MD5
46afd26ee126f4f78b846183afeea48a

SHA1
4da9295efd46ec2e21c762b0ba78cdd4bed7a506

SHA256
8b5ef8c0b7c5d1555b7eb6b26969a823b70069540825fbc524ccec535941b77e

SHA512
f21dd230cc2e0196ecd80887f8c3b234a44e098c6c3be34d2fed558df3aa96ffea16ce06e99941a1c12a302634c5dbf2097e2fafe81698352eb497de1c252616

Download Submit
C:\Users\Admin\Desktop\PushOpen.mpe

Filesize
159KB

MD5
83a90f00e4770a40bb09ce814e516070

SHA1
df82d91f8b73befe10b9e62497aa268afdd123d3

SHA256
a7aa38582b8716cd5b10d530bcc0fb7a140d1c11d9af9d1ac8a052a68f4d1921

SHA512
d8cc1ce1bd0c7377b751c82dd53481125908590692ddcc6eb086a664cc37a4d72d93876a11face730d3e9e595882e790955be646f116f1ba328dcb409924b5c8

Download Submit
C:\Users\Admin\Desktop\ReadUnblock.vdx

Filesize
136KB

MD5
513befeff4133ac22aa1657d5f24c5ba

SHA1
9a45d5681795e54d79d6e6046eabe9652f7e0bba

SHA256
53c7a0ab79de9884ac7110a0278c39fe0c0503103d86c332f74bf97959ad1e58

SHA512
6f07650aab93b783f556068a91f104212571267632c427238965170ef1f542c1164376bbe0a9e943978cd36da347c5ba0c48dbeb3b85d6710824e894574b9aec

Download Submit
C:\Users\Admin\Desktop\RegisterSearch.vbs

Filesize
196KB

MD5
0356d658228bdb5a49aeefa0ddc121a6

SHA1
bac9f8766d7e78ae8a97149c818bf76a4eb18f97

SHA256
541a9f194a7782a91f9bce88cd883a7e23e9df809622971a4149ad7c7be9bb1c

SHA512
5d32f3e8814c9bfbbce768acd67d5ca870b7d66c3c3b70522f85f2316f0b8492e65c84365a6c0269d9f998d1b3a0091faf1d6ef3b81c098a4f93070375c4f43c

Download Submit
C:\Users\Admin\Desktop\RemoveResolve.docx

Filesize
16KB

MD5
cfec7467fda1871878c826fed54480f7

SHA1
c25f40c7545fa06ec21ce21300df5c8a926b844b

SHA256
10f11d00a0ea5afb5c9f15bd07db7d4f5e4ce0efaffc3760b6f8656bfaa8c14b

SHA512
322951c4aa86265ba5f3a286291ce959221508db1b329937a604b1ca194cf28d9ab491a0be0b34b1e279a4fb6f4ca22862b65ed409c4b516a9ae3c8461b952db

Download Submit
C:\Users\Admin\Desktop\ResetJoin.wmx

Filesize
234KB

MD5
28017128dd7f739cb09d576c3ea0b47b

SHA1
8b92c6b9217190ae760f6162d2e98d3d9f45bebe

SHA256
4cc5d71f8a480979552825905d8f692b351100df538c66e72fd3dfc57285b5a4

SHA512
670bd7a955e708254eff033a095ecc9121800fb687606be90008be7ceac05d807eb76127be5a6f15e11f07e86f8bef3143c48a427ac925df1231a9263c5544fd

Download Submit
C:\Users\Admin\Desktop\ResolveDisconnect.pps

Filesize
242KB

MD5
813f1b042d09a2a61e171b11b41d0fef

SHA1
4b4bc68724b0980b565a560940d38647863cedee

SHA256
4481e0f50562bb5be3402353ac5546ab07fb624fa4ef8a4cc086f9c659bb1c09

SHA512
c1711b65d95723a7496c8772cc271dee3e1b70083d06c3e3d8c612b76a342d5b4ad649330af54b96956027de00c29d331f58b6568dbeb51e05d93697b8ec69da

Download Submit
C:\Users\Admin\Desktop\RestartConfirm.wmv

Filesize
121KB

MD5
f596ab2113d4560f5abcb60c4fd4e9fd

SHA1
2d8ba88293f9d0b4b877c87424b3f582ad941eab

SHA256
c32a81aca2b5fb2841b126c3ebc846e41002adf59b4ac29f1a3497a99a58aa69

SHA512
07aee4f3beb3ede3b80be30636a6ca551ed9bd18b1e57b096848f3d611ced785c24c1fa032b117da3d4a55aa9174e005130408a6afb470a98ee91da5f36a0cfb

Download Submit
C:\Users\Admin\Desktop\RestoreRegister.DVR

Filesize
143KB

MD5
d3ef9bc6df7647a9ad336e32d4891aea

SHA1
4d90e34841f7347608201f5216c28dece2ce68b8

SHA256
7360327893cc99e1503963b62142f794f431597458f48a41040cce52ef48f980

SHA512
f0d41b8309e1731c7c873e70a61a8bd343bb235b64c26e00524330ca565f52a9a4d9dbb7923a8d078111d625fa58f9929788b5a99b82e6874df0262d90b75e78

Download Submit
C:\Users\Admin\Desktop\SelectExpand.jfif

Filesize
128KB

MD5
aa8215b402ffaa10a6fef5c7a3dbf9d5

SHA1
00caacbed6dd0a1fb9a6d7f169ddb58247777f15

SHA256
ba48cca58302677d1887b37a838e208257346a9f8f836cd3b77059c09dddb055

SHA512
a98ac82724f0382f9d079bb482ccd029129e1de299a018c41769587ab6a97149c7a4bdce93ae0a05610ffcfea46137da8dc97fb02a15023acfa2827e2ceda3ce

Download Submit
C:\Users\Admin\Desktop\ShowBlock.aif

Filesize
113KB

MD5
b0c0e2782965b53281d7786fb72604e4

SHA1
f1c7461da3553abbaa4777789baba360ca8a5f0e

SHA256
d733907267faec1684f79f1dba7a59307afed0b9ab3d784243d9aa180e0f04b2

SHA512
44486993a604175dd0f5dc11ae326d341a72b11259a461d52cf876c139a111c99b7daa119da49393eb52613d19964af96a6b5ee063b011354d262301f6594cc1

Download Submit
C:\Users\Admin\Desktop\TestCompress.doc

Filesize
189KB

MD5
0ac30002618a7caa7e1a42361135e976

SHA1
333ba73c50d868d64b6c85b487d2eefc4ff131ae

SHA256
e97b93be20576e2840fdd102a6b39b0160c545673da68144516117218d531bf1

SHA512
f47d9c45a06f58e4796f3670e08e77a1319f7efe1d6a6ec74b420696670753a5e445a735722c9535373dbb8f601393c785135ee648670bc41a7ec6007d82a92f

Download Submit
C:\Users\Admin\Desktop\UnlockGroup.emf

Filesize
272KB

MD5
4947007029160001524de3a54da35cae

SHA1
6076bfff859332a2abda8d0a57a53ed367e1601c

SHA256
a9162deda472e331d5b2a5f42e30d5843b840898457015a26457f35fb9f5e37b

SHA512
7764bafb5d7aa4e8815f854829604bab94baa87c52626c3e3209609e001e7ae2e6ae7a3b4026bf57129f335caf8617de9c015b6a29c155ed9feb5572a5741f6d

Download Submit
C:\Users\Admin\Desktop\UnprotectEnter.mpa

Filesize
219KB

MD5
1f616b942e33adb71fe1e9038777de1e

SHA1
7c04e1105a24caad9204e80ca6c6c391b8b1383b

SHA256
79a6c24d38084decbb1632561e5a075899a42effefe846d0719966389de61ac3

SHA512
68c7fd7ca93068e7fd96651284c5e8c8e248097f9fa41a29473ffe2be26cb87e5547785fd397982aa31f5c1f6ac35a240e42acf674cb1c4472fdc2aa5546f3eb

Download Submit
C:\Users\Admin\Desktop\UnprotectLimit.xps

Filesize
166KB

MD5
feb6418c283b9b355212b0eb8b784b72

SHA1
1e34c9bf1e36c86926b7cdd81f70fc24c8db5c93

SHA256
676f8355413f5c922d1cebca0aa3e71dc1403dcadea5c00c91104115dad95733

SHA512
f62d3fdfbc223ec6ddc2e230c506a2cc4636b5c94eff5cdfcbddaac02092d7a21111859a0f9403612f37e745ee16535efb26fb08f1d86ae11708df25deb02a37

Download Submit
C:\Users\Admin\Desktop\WriteUnregister.xml

Filesize
249KB

MD5
b21e358b359f0c877527908187406bff

SHA1
2cd705be93e36593c25f083a86d25284e70d4cf3

SHA256
a4c08135d0cfd3d0bc36b42b2cb730f46701a1d1ec0cac371aaa9298fa06a8f2

SHA512
0f4331352ee95ce877e992c67ee08e89beb77fbfc157e80c1eaa1a6d1d1fa4990caff5b4376587c88cde48a37211425f358fbe31d6bc87fdfd10cc960fce65c1

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
6841cac105d0eed2d6bcb9285f9e44b0

SHA1
52c0d54234608b19ce25919562811539c5f65698

SHA256
1e84db67772e983d04329cad6ec5fe8205113721006518d0cb7c08d35425dff4

SHA512
cd4eaecbc967ada12549081e6fce225da6051c2edfc7e65d90e239450b6551d6d69ce6cccfe21ba00775e811cb605829ed71f7d8be7bf6ca7b9851d042fbe705

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
d4d3040a1c67c538a69bdd2df3b384f0

SHA1
e19846e83dc22111407cfd251d0fb3c3f1429e5b

SHA256
8ffd9b476ffdddcbc6cc244d3305cf447d3afcdc8d897fd7df8614e54f34a773

SHA512
2d5b7374a8268997fde97f8c75ace80d924a207360c6b4854b43ae553f82a61a97367f303c2a0897ca85805918228c7bedef61b08a33e4af4b1682605ecb8d50

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
ea01545d0aeae08eb8dd828d556c6f57

SHA1
3ee2d42681e3e3032007eb3ce33cc057f1c1614f

SHA256
879edcd25a2b736cef9166b27d2c58c57da960e3277659ec9efb61f4e748854a

SHA512
23143911722f5bfe579a8fffb668766381e9ccadf2169fff4ec5bb2dcecb6d27174b54a887daac4aeaff28dd6c63465a628b44cc101e48a48d225fea61b174ed

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
1c443e313ba2cc8bf74e6a9ac0945b20

SHA1
3c8679b4c93bc08b10cb1700bfc29ddf721d48c5

SHA256
ec5d6cdb7cc630b56d8ebe917ef3c2014ecf2cb9aebd18edc34b3f98a9d5a630

SHA512
eb40bcd231e78f7c4284b1ed485628eb820dbf9866faac75f2ae6aeb687e65f44191762409ffa085bb7bafa0274c397f25b4ea44068e6caf5b80fd2970c120b9

Download Submit
memory/4412-5-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/4412-8-0x0000000004F60000-0x0000000004F72000-memory.dmp

Filesize
72KB

Download
memory/4412-7-0x00000000050A0000-0x00000000051AA000-memory.dmp

Filesize
1.0MB

Download
memory/4412-6-0x0000000005E10000-0x0000000006428000-memory.dmp

Filesize
6.1MB

Download
memory/4412-12-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/4412-4-0x0000000004CF0000-0x0000000004CFA000-memory.dmp

Filesize
40KB

Download
memory/4412-3-0x0000000004D30000-0x0000000004DC2000-memory.dmp

Filesize
584KB

Download
memory/4412-2-0x0000000005240000-0x00000000057E4000-memory.dmp

Filesize
5.6MB

Download
memory/4412-1-0x00000000003C0000-0x0000000000412000-memory.dmp

Filesize
328KB

Download
memory/4412-0-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/4412-9-0x0000000004FD0000-0x000000000500C000-memory.dmp

Filesize
240KB

Download
memory/4412-10-0x0000000005020000-0x000000000506C000-memory.dmp

Filesize
304KB

Download
memory/4412-11-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download