redline | 0966b8fa44d66718e1e97ea0deb405d742b88e8cc35bec9408e5206c82940866

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

build.exe
Size

300KB
MD5

c681779d066264777f4dfc8002e2d851
SHA1

9f5d446d8ff6042992b01f143e98781446bda8c8
SHA256

0966b8fa44d66718e1e97ea0deb405d742b88e8cc35bec9408e5206c82940866
SHA512

a7ec8c52738dcba598749430b0c373095f2cb56766afc1f238d86ea89973ff1f4f3fc64f85fc7351353e08ea4bf75e435f5e5fcc724df346e54294269fcf6763
SSDEEP

3072:ecZqf7D341p/0+mAKky4iSQIgl+B1fA0PuTVAtkxzs3RweqiOL2bBOA:ecZqf7DIvnSR8B1fA0GTV8kGQL

Score

10^/10

redline sv0st discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

SV0ST

mbaper-28496.portmap.host:2420

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/3380-1-0x0000000000BD0000-0x0000000000C22000-memory.dmp	family_redline

Redline family
redline

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe

C:\Users\Admin\AppData\Local\Temp\build.exe
"C:\Users\Admin\AppData\Local\Temp\build.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3380-0-0x0000000074BEE000-0x0000000074BEF000-memory.dmp

Filesize
4KB

Download
memory/3380-1-0x0000000000BD0000-0x0000000000C22000-memory.dmp

Filesize
328KB

Download
memory/3380-2-0x0000000005BE0000-0x0000000006184000-memory.dmp

Filesize
5.6MB

Download
memory/3380-3-0x0000000005510000-0x00000000055A2000-memory.dmp

Filesize
584KB

Download
memory/3380-5-0x0000000005500000-0x000000000550A000-memory.dmp

Filesize
40KB

Download
memory/3380-4-0x0000000074BE0000-0x0000000075390000-memory.dmp

Filesize
7.7MB

Download
memory/3380-6-0x00000000067B0000-0x0000000006DC8000-memory.dmp

Filesize
6.1MB

Download
memory/3380-7-0x00000000058D0000-0x00000000059DA000-memory.dmp

Filesize
1.0MB

Download
memory/3380-8-0x0000000005680000-0x0000000005692000-memory.dmp

Filesize
72KB

Download
memory/3380-9-0x0000000005800000-0x000000000583C000-memory.dmp

Filesize
240KB

Download
memory/3380-10-0x0000000005840000-0x000000000588C000-memory.dmp

Filesize
304KB

Download
memory/3380-11-0x0000000074BEE000-0x0000000074BEF000-memory.dmp

Filesize
4KB

Download
memory/3380-12-0x0000000074BE0000-0x0000000075390000-memory.dmp

Filesize
7.7MB

Download