Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
30-05-2023 23:29
Behavioral task
behavioral1
Sample
work.exe
Resource
win7-20230220-en
windows7-x64
5 signatures
150 seconds
General
-
Target
work.exe
-
Size
95KB
-
MD5
f3ea299f7271137cfecf96f4e5d95793
-
SHA1
2d4a118eacab84e67927a23514c80431c5d746c9
-
SHA256
bdfa972772e5e39ca0278b2b100bc364d6ed2b1e0dbedc7bb50606111cad395b
-
SHA512
3ffd2d5ff1efa2de9565f43e298081c66d8ddd44aa121f05b3cf576e757f3b38a7ece170afea96b3941d2a9a76fbd1d03d5e743394bd8545a717bec6fbb41420
-
SSDEEP
1536:1qsIlqWWlbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed28teulgS6pg:zIReY/+zi0ZbYe1g0ujyzd8g
Malware Config
Extracted
Family
redline
Botnet
2
C2
94.142.138.186:1337
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1720-54-0x0000000000AF0000-0x0000000000B0E000-memory.dmp family_redline -
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1720-54-0x0000000000AF0000-0x0000000000B0E000-memory.dmp family_sectoprat -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
work.exedescription pid process Token: SeDebugPrivilege 1720 work.exe