Analysis
-
max time kernel
7s -
max time network
10s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
29-06-2024 18:25
General
-
Target
Redline Stealer.rar
-
Size
1.9MB
-
MD5
804930714f5da20e35e42cd74c195a4e
-
SHA1
bbb8cd45f3a8504e40d832bf6edd6befa0f21da2
-
SHA256
1aa6211a075d828327681307b51741b8c931514c1a387fb45f9d9cc8fcfb8acd
-
SHA512
cf36e07550531e4683a13bd9903c3bc24fc2a7937837160963e6afd63f120bd0b78d7b9c576f356e954b5fe6dfe2857957c71dc31d100d8cc824495333679e30
-
SSDEEP
49152:cGgYV/h2P1tXK/zYhv/5B+sE1Icb+ehyl30ynqkL:cGge2PzXK/e//+sE1da31L
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Redline Stealer.rar"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Redline Stealer.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Redline Stealer.rar3⤵
- Modifies registry class