Analysis
-
max time kernel
141s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
29-03-2023 10:50
General
-
Target
925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3.exe
-
Size
95KB
-
MD5
46c08c508d3499e1f4c6b50a60310b7a
-
SHA1
e075354372bded3e06e247a3fb678486b8487c39
-
SHA256
925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3
-
SHA512
aaf9ddfb7326faced9b1d69e7ba2fd56b319bf10a1f46db09ef793f3c67775aa2b541f673ae05e4f4b58cb2d3ecfb62a27f31350a18dc1caa630e74044e5462c
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2g3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdOY
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
cheat
C2
15.229.47.242:10010
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3.exe"C:\Users\Admin\AppData\Local\Temp\925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1264-54-0x0000000001280000-0x000000000129E000-memory.dmpFilesize
120KB
-
memory/1264-55-0x00000000047F0000-0x0000000004830000-memory.dmpFilesize
256KB
-
memory/1264-56-0x00000000047F0000-0x0000000004830000-memory.dmpFilesize
256KB