Analysis
- max time kernel: 141s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 29-03-2023 10:50
Behavioral task: behavioral1
- Sample: 925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3.exe
- Resource: win7-20230220-en
- Platform: windows7-x64
- 5 signatures
- 150 seconds
General
- Target: 925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3.exe
- Size: 95KB
- MD5: 46c08c508d3499e1f4c6b50a60310b7a
- SHA1: e075354372bded3e06e247a3fb678486b8487c39
- SHA256: 925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3
- SHA512: aaf9ddfb7326faced9b1d69e7ba2fd56b319bf10a1f46db09ef793f3c67775aa2b541f673ae05e4f4b58cb2d3ecfb62a27f31350a18dc1caa630e74044e5462c
- SSDEEP: 1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2g3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdOY
Malware Config (Extracted)
- Family: redline
- Botnet: cheat
- C2: 15.229.47.242:10010
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload (2 IoCs)
  Processes (resource / yara_rule):
  behavioral1/memory/1264-54-0x0000000001280000-0x000000000129E000-memory.dmp  family_redline
  behavioral1/memory/1264-55-0x00000000047F0000-0x0000000004830000-memory.dmp  family_redline
- SectopRAT payload (2 IoCs)
  Processes (resource / yara_rule):
  behavioral1/memory/1264-54-0x0000000001280000-0x000000000129E000-memory.dmp  family_sectoprat
  behavioral1/memory/1264-55-0x00000000047F0000-0x0000000004830000-memory.dmp  family_sectoprat
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes (description / pid / process):
  Token: SeDebugPrivilege  1264  925f026ee371367364ea2552f9720818b3b17f1bc7b75de1938e73facf9e55b3.exe