Analysis

max time kernel: 149s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 28-03-2023 08:54

Behavioral task: behavioral1
Sample: bc2ff2eb335a461478e3f34cbbc5dda052ae7918eb88822fceafd90157cbac03.exe
Resource: win7-20230220-en

General

Target: bc2ff2eb335a461478e3f34cbbc5dda052ae7918eb88822fceafd90157cbac03.exe
Size: 95KB
MD5: a1f1576ea9d02b0ba28f62fae150550c
SHA1: 3ff31d9c3a27c9e30300eee7191d331d97d83d39
SHA256: bc2ff2eb335a461478e3f34cbbc5dda052ae7918eb88822fceafd90157cbac03
SHA512: ca2b11c2f511c62eea798f23ae3ddcaca2176c0e128de73323a9983065bfb36aaffdbbff0d5c13f17875d0e6819e00c6a75a1ac791477d14bd51cb55b356279a
SSDEEP: 1536:aqsWuqBXlbG6jejoigIL43Ywzi0Zb78ivombfexv0ujXyyed2vtmulgS6pw:IlilYL+zi0ZbYe1g0ujyzdnw

Malware Config

Extracted
redline
alice
laptop-senp05hg.tailebd9d.ts.net:38192

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
Processes:
  resource                                                                      yara_rule
  behavioral1/memory/1712-54-0x0000000000320000-0x000000000033E000-memory.dmp   family_redline
  behavioral1/memory/1712-55-0x0000000004AE0000-0x0000000004B20000-memory.dmp   family_redline

SectopRAT payload (2 IoCs)
Processes:
  resource                                                                      yara_rule
  behavioral1/memory/1712-54-0x0000000000320000-0x000000000033E000-memory.dmp   family_sectoprat
  behavioral1/memory/1712-55-0x0000000004AE0000-0x0000000004B20000-memory.dmp   family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  bc2ff2eb335a461478e3f34cbbc5dda052ae7918eb88822fceafd90157cbac03.exe
  description               pid    process
  Token: SeDebugPrivilege   1712   bc2ff2eb335a461478e3f34cbbc5dda052ae7918eb88822fceafd90157cbac03.exe