Overview

overview

10

Static

static

3

b1cde24567...65.exe

windows7-x64

10

b1cde24567...65.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 22:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b1cde24567ac75313ea366fb9620ca65.exe

  • Size

    353KB

  • MD5

    b1cde24567ac75313ea366fb9620ca65

  • SHA1

    b1909e72ed40d8e86ca76d0341bf2e6fc09da9cc

  • SHA256

    6b2aa6f21925a0427ebde2829192d9c9ff01f5eaec751366b18df4b0e77f06fd

  • SHA512

    043a6c08a1f3aa31e99aa21c086ad514e1e11919b1772068421334002f42cbe1eaeb8e6f6b042cd6eb04f6309f1fcdd71df4b1928aab92773cece0de2b7eff21

  • SSDEEP

    6144:XQWRZhTyPdC6SgoveUoRk1uK2DNXUnRsM7VRsRharClbML7B:XfDhyPdC/gLPRZZfM73w5VwN

Score
10/10
redlinesectopratpaladininfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

178.63.26.132:29795

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1cde24567ac75313ea366fb9620ca65.exe
    "C:\Users\Admin\AppData\Local\Temp\b1cde24567ac75313ea366fb9620ca65.exe"
    1⤵
      PID:4456

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4456-1-0x0000000000A40000-0x0000000000B40000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4456-2-0x0000000000990000-0x00000000009D3000-memory.dmp

            Filesize

            268KB

            Download

          • memory/4456-3-0x0000000000400000-0x0000000000888000-memory.dmp

            Filesize

            4.5MB

            Download

          • memory/4456-4-0x0000000004DB0000-0x0000000004DE6000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4456-6-0x0000000004E40000-0x0000000004E50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4456-5-0x0000000074DC0000-0x0000000075570000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4456-7-0x0000000004E40000-0x0000000004E50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4456-8-0x0000000004E50000-0x00000000053F4000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4456-9-0x0000000005410000-0x0000000005444000-memory.dmp

            Filesize

            208KB

            Download

          • memory/4456-11-0x0000000005B00000-0x0000000005B12000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4456-10-0x0000000005440000-0x0000000005A58000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/4456-12-0x0000000005B20000-0x0000000005C2A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4456-13-0x0000000004E40000-0x0000000004E50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4456-14-0x0000000005C30000-0x0000000005C6C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/4456-15-0x0000000005CB0000-0x0000000005CFC000-memory.dmp

            Filesize

            304KB

            Download

          • memory/4456-16-0x0000000000400000-0x0000000000888000-memory.dmp

            Filesize

            4.5MB

            Download

          • memory/4456-17-0x0000000000A40000-0x0000000000B40000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4456-18-0x0000000000990000-0x00000000009D3000-memory.dmp

            Filesize

            268KB

            Download

          • memory/4456-19-0x0000000074DC0000-0x0000000075570000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4456-20-0x0000000004E40000-0x0000000004E50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4456-22-0x0000000004E40000-0x0000000004E50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4456-23-0x0000000004E40000-0x0000000004E50000-memory.dmp

            Filesize

            64KB

            Download