Overview

overview

10

Static

static

10

01463299.exe

windows7-x64

10

01463299.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2023, 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01463299.exe

  • Size

    95KB

  • MD5

    b47d198865b257ec460d399e6eabf2f7

  • SHA1

    91d6ba1ed98b76730dca1f9a513f8779c442c6ee

  • SHA256

    12aec3ae5c5828745e45a86fedbb1ff4c0631855f8e76d63f0ac7fb554d5afc3

  • SHA512

    af348566dbaa38334deaa1f6402f9667d1ea57684220c018119acd4b1152a989fa657a19fe6778eb4545f15a3ca4d8ae8c81c6e8f2bca5035c38d9d80170f2c8

  • SSDEEP

    1536:Vqse5qeUlbG6jejoigI843Ywzi0Zb78ivombfexv0ujXyyed24tmulgS6pA:TylMY8+zi0ZbYe1g0ujyzdEA

Score
10/10
redlinesectoprat1111111infostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

1111111

C2

188.34.194.107:44644

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01463299.exe
    "C:\Users\Admin\AppData\Local\Temp\01463299.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1260-133-0x0000000000AB0000-0x0000000000ACE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1260-134-0x0000000005AC0000-0x0000000006064000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1260-135-0x0000000006690000-0x0000000006CA8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1260-136-0x0000000005660000-0x00000000056F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1260-137-0x0000000005600000-0x0000000005612000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1260-138-0x00000000061A0000-0x00000000061DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1260-139-0x0000000005560000-0x0000000005570000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1260-140-0x0000000006530000-0x000000000663A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1260-141-0x0000000005560000-0x0000000005570000-memory.dmp

    Filesize

    64KB

    Download