Overview

overview

10

Static

static

3

d8d62ed9ae...32.exe

windows7-x64

10

d8d62ed9ae...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2023, 10:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d8d62ed9ae77f1bbdaeca84c08362c32.exe

  • Size

    369KB

  • MD5

    d8d62ed9ae77f1bbdaeca84c08362c32

  • SHA1

    d05cf4ce8894aee13b2ba1c07d6edd340aba25b8

  • SHA256

    87bd91609e43807a44ecf378eec46a6f6f2099897da00868fada238745fb83e2

  • SHA512

    a672a5a8704c7f657083f3a4dbcd67dbbad4c2f76489ce392021e2a591132a8c96956264dd3b7c220e337f04192ed42562d78db0a2beeb42d2ceed3a1191c57c

  • SSDEEP

    6144:l+j1LgXQLFH0cF45E3klYgK1csHxzp0S:lS1sXEU8IEj7vz0S

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

178.32.90.250:29608

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8d62ed9ae77f1bbdaeca84c08362c32.exe
    "C:\Users\Admin\AppData\Local\Temp\d8d62ed9ae77f1bbdaeca84c08362c32.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2512

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2512-54-0x0000000000680000-0x0000000000780000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2512-55-0x0000000000400000-0x00000000005A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2512-56-0x0000000000300000-0x000000000033F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2512-58-0x00000000748D0000-0x0000000074FBE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2512-57-0x00000000023A0000-0x00000000023D8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/2512-59-0x00000000021E0000-0x0000000002220000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2512-60-0x00000000021E0000-0x0000000002220000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2512-61-0x0000000002170000-0x00000000021A4000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2512-62-0x00000000020D0000-0x00000000020D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2512-63-0x00000000021E0000-0x0000000002220000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2512-65-0x0000000000680000-0x0000000000780000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2512-66-0x00000000748D0000-0x0000000074FBE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2512-67-0x00000000021E0000-0x0000000002220000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2512-68-0x00000000021E0000-0x0000000002220000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2512-70-0x0000000000400000-0x00000000005A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2512-71-0x0000000000680000-0x0000000000780000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2512-72-0x00000000748D0000-0x0000000074FBE000-memory.dmp

          Filesize

          6.9MB

          Download