redline | 6b2aa6f21925a0427ebde2829192d9c9ff01f5eaec751366b18df4b0e77f06fd

Analysis

max time kernel
149s
max time network
164s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 22:07

Target

b1cde24567ac75313ea366fb9620ca65.exe
Size

353KB
MD5

b1cde24567ac75313ea366fb9620ca65
SHA1

b1909e72ed40d8e86ca76d0341bf2e6fc09da9cc
SHA256

6b2aa6f21925a0427ebde2829192d9c9ff01f5eaec751366b18df4b0e77f06fd
SHA512

043a6c08a1f3aa31e99aa21c086ad514e1e11919b1772068421334002f42cbe1eaeb8e6f6b042cd6eb04f6309f1fcdd71df4b1928aab92773cece0de2b7eff21
SSDEEP

6144:XQWRZhTyPdC6SgoveUoRk1uK2DNXUnRsM7VRsRharClbML7B:XfDhyPdC/gLPRZZfM73w5VwN

Score

10^/10

Family

redline

Botnet

paladin

178.63.26.132:29795

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/1632-4-0x0000000002180000-0x00000000021B6000-memory.dmp	family_redline
behavioral1/memory/1632-9-0x0000000002220000-0x0000000002254000-memory.dmp	family_redline
behavioral1/memory/1632-10-0x0000000004E00000-0x0000000004E40000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 4 IoCs

resource	yara_rule
behavioral1/memory/1632-4-0x0000000002180000-0x00000000021B6000-memory.dmp	family_sectoprat
behavioral1/memory/1632-8-0x0000000004E00000-0x0000000004E40000-memory.dmp	family_sectoprat
behavioral1/memory/1632-9-0x0000000002220000-0x0000000002254000-memory.dmp	family_sectoprat
behavioral1/memory/1632-10-0x0000000004E00000-0x0000000004E40000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\b1cde24567ac75313ea366fb9620ca65.exe
"C:\Users\Admin\AppData\Local\Temp\b1cde24567ac75313ea366fb9620ca65.exe"
1⤵
PID:1632

memory/1632-1-0x0000000000910000-0x0000000000A10000-memory.dmp

Filesize
1024KB

Download
memory/1632-2-0x00000000002B0000-0x00000000002F3000-memory.dmp

Filesize
268KB

Download
memory/1632-3-0x0000000000400000-0x0000000000888000-memory.dmp

Filesize
4.5MB

Download
memory/1632-6-0x0000000004E00000-0x0000000004E40000-memory.dmp

Filesize
256KB

Download
memory/1632-5-0x0000000074B20000-0x000000007520E000-memory.dmp

Filesize
6.9MB

Download
memory/1632-4-0x0000000002180000-0x00000000021B6000-memory.dmp

Filesize
216KB

Download
memory/1632-7-0x0000000004E00000-0x0000000004E40000-memory.dmp

Filesize
256KB

Download
memory/1632-8-0x0000000004E00000-0x0000000004E40000-memory.dmp

Filesize
256KB

Download
memory/1632-9-0x0000000002220000-0x0000000002254000-memory.dmp

Filesize
208KB

Download
memory/1632-10-0x0000000004E00000-0x0000000004E40000-memory.dmp

Filesize
256KB

Download
memory/1632-11-0x0000000000910000-0x0000000000A10000-memory.dmp

Filesize
1024KB

Download
memory/1632-13-0x0000000074B20000-0x000000007520E000-memory.dmp

Filesize
6.9MB

Download
memory/1632-14-0x0000000004E00000-0x0000000004E40000-memory.dmp

Filesize
256KB

Download