Overview

overview

10

Static

static

3

af3f1b93cc...0b.exe

windows7-x64

10

af3f1b93cc...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af3f1b93cce500d9eb9d24fb0495db0b.exe

  • Size

    1.1MB

  • MD5

    af3f1b93cce500d9eb9d24fb0495db0b

  • SHA1

    c55949344d31959d49ee882c2ecc86e574cc1b30

  • SHA256

    ee48f3441284594faf59c2066e62706dd813c3fd1a12f957bc8965e06735054c

  • SHA512

    e5a38e5680116faf86832d1a702202d52fd7b04e59e375d40b4d240665ca62488f690f6610fca222634adef023036c9a441f05ae4f6f6f1d4bc5756f1c7f56ad

  • SSDEEP

    24576:DZqHETYJPDyXcfS1U0zyr9s/kGXAnnlHRiTp7PX60X06m6w:AJPDOcfSG0zy2/HAlxiNLQ6

Score
10/10
redlinesectopratcheatinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.17.3.61:26769

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af3f1b93cce500d9eb9d24fb0495db0b.exe
    "C:\Users\Admin\AppData\Local\Temp\af3f1b93cce500d9eb9d24fb0495db0b.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2396-0-0x0000000001000000-0x0000000001384000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2396-1-0x0000000073D60000-0x0000000074510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2396-2-0x0000000001000000-0x0000000001384000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2396-3-0x00000000062F0000-0x0000000006908000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2396-4-0x0000000005D30000-0x0000000005D42000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2396-5-0x0000000005D90000-0x0000000005DCC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2396-6-0x0000000003AE0000-0x0000000003AF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2396-7-0x0000000005DD0000-0x0000000005E1C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2396-8-0x0000000006010000-0x000000000611A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2396-11-0x0000000001000000-0x0000000001384000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2396-12-0x0000000073D60000-0x0000000074510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2396-13-0x0000000003AE0000-0x0000000003AF0000-memory.dmp

    Filesize

    64KB

    Download