Analysis
Max time kernel: 141s
Max time network: 146s
Platform: windows10_x64
Resource: win10-20220414-en
Submitted: 09-05-2022 12:20
Static task: static1
Behavioral task: behavioral1
Sample: 7b08f0f328eb6e8e7b9a8740ad462e5768e5ec02a7867ab289749d13ade33fb9.exe
Resource: win10-20220414-en
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 7b08f0f328eb6e8e7b9a8740ad462e5768e5ec02a7867ab289749d13ade33fb9.exe
Size: 367KB
MD5: 343ff0c8d60adb517969755c5cbd1c33
SHA1: 253e3f20fcb18ea9b2e5247208a2425f5a783d87
SHA256: 7b08f0f328eb6e8e7b9a8740ad462e5768e5ec02a7867ab289749d13ade33fb9
SHA512: 67dc50737daa6d45acaeff8ae62246be41b519625e2c8437726e6e802832f028dbd8c2bc2f470483fbfcb3bdcf6bb6a0f09985eda98c27e3a6032bbbc8ef4978
Score: 10/10
Malware Config
Extracted
Family: redline
Botnet: old
C2: honantharis.xyz:81
Attributes
auth_value: eebc7bceda23185ce5e37704c7ee05ed
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  3768  7b08f0f328eb6e8e7b9a8740ad462e5768e5ec02a7867ab289749d13ade33fb9.exe
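The single IoC above is the sample itself (pid 3768) enabling SeDebugPrivilege in its own token, which is what a process does before opening other processes for injection or credential access. Enabling that privilege is not malicious on its own (debuggers and some admin tools do it), so a practical check pairs the privilege name with an allowlist of images expected to do so. The following is an added example, not part of the sandbox report or its signature engine: it parses token events in the same "description pid process" layout as the table above and flags the ones that matter. The allowlisted image names, the extra sample lines and the set of privileges treated as sensitive are this example's own constructed assumptions.

```python
"""Flag token-privilege events where a non-allowlisted image enables a
sensitive privilege. Added example; event lines are constructed to match the
'Token: <privilege> <pid> <image>' layout of the sandbox report."""
import re
from dataclasses import dataclass

# Privileges worth a closer look when enabled by an ordinary user-mode binary.
# SeDebugPrivilege is the one from the report; the other two are assumed here
# as further high-value examples, not taken from the page.
SENSITIVE_PRIVILEGES = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege"}

# Assumed allowlist of image names that legitimately enable such privileges
# (debuggers, process tools). Constructed for this example; tune per estate.
ALLOWLISTED_IMAGES = {"windbg.exe", "procexp64.exe"}

_LINE = re.compile(r"^Token:\s+(?P<priv>Se\w+Privilege)\s+(?P<pid>\d+)\s+(?P<image>\S+)$")


@dataclass(frozen=True)
class TokenEvent:
    privilege: str
    pid: int
    image: str


def parse_token_events(lines):
    """Parse report lines into TokenEvent records; non-matching lines are skipped."""
    events = []
    for line in lines:
        m = _LINE.match(line.strip())
        if not m:
            continue  # not a token-privilege row (e.g. headers, other signatures)
        events.append(TokenEvent(m["priv"], int(m["pid"]), m["image"].lower()))
    return events


def flag_suspicious(events, allowlist=ALLOWLISTED_IMAGES, sensitive=SENSITIVE_PRIVILEGES):
    """Return events where a sensitive privilege is enabled by a non-allowlisted image."""
    allowed = {name.lower() for name in allowlist}
    return [e for e in events if e.privilege in sensitive and e.image not in allowed]


# Constructed input: the first line is the report's own IoC row, the rest are
# made up to show a benign privilege and an allowlisted debugger being ignored.
SAMPLE_LINES = [
    "Token: SeDebugPrivilege 3768 7b08f0f328eb6e8e7b9a8740ad462e5768e5ec02a7867ab289749d13ade33fb9.exe",
    "Token: SeShutdownPrivilege 4120 explorer.exe",
    "Token: SeDebugPrivilege 2210 windbg.exe",
    "Processes:",
]


def run_example():
    """Run the parser and detector over the constructed sample lines."""
    return flag_suspicious(parse_token_events(SAMPLE_LINES))


if __name__ == "__main__":
    for e in run_example():
        print(f"pid {e.pid}: {e.image} enabled {e.privilege}")
```

Only the report's own row is flagged: the shutdown privilege is not in the sensitive set, and the debugger image is allowlisted. When feeding real telemetry, key the allowlist on full signed image paths rather than bare file names, since a bare name is trivially spoofed by a sample that renames itself.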