Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-03-2023 13:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    205KB

  • MD5

    b3503746bb7f1d30755c9f4a26ce0a2c

  • SHA1

    2490c2a6b3fad0711993c8bb16aab2d21cefac6f

  • SHA256

    90706da9b2d8dca13b4823cb9b6c95bde3df92ac336826722b33cfe495d2e300

  • SHA512

    142841d0e5a51212af7f7ae6cd083eb5daa2e5542f3c8294524ff8c722a4dcbe8462bf647f928ba3b3edb4d36638a4be5a83ad5762e9b8e66429f6006901b72c

  • SSDEEP

    1536:pqsEFqJklbG6jejoigIg43Ywzi0Zb78ivombfexv0ujXyyed2AtmulgS6pG3OkzB:HYScYg+zi0ZbYe1g0ujyzdspkzLQW

Score
10/10
redlinesectoprat1877infostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

1877

C2

overthinker1877.duckdns.org:60732

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/956-133-0x0000000000AC0000-0x0000000000AF8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/956-134-0x0000000005AE0000-0x00000000060F8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/956-135-0x0000000005470000-0x0000000005482000-memory.dmp

    Filesize

    72KB

    Download

  • memory/956-136-0x0000000005500000-0x000000000553C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/956-137-0x0000000005780000-0x000000000588A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/956-138-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/956-139-0x00000000054B0000-0x00000000054C0000-memory.dmp

    Filesize

    64KB

    Download