Overview

overview

10

Static

static

3

fa9101aab8...92.exe

windows7-x64

10

fa9101aab8...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 17:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fa9101aab80dd0d6ac3fbfb2ef8d0592.exe

  • Size

    315KB

  • MD5

    fa9101aab80dd0d6ac3fbfb2ef8d0592

  • SHA1

    f6b0a37e051f21f8ef8b037176f20983b6e8117a

  • SHA256

    e2cd80a3c0d37c2d417b9c564ea138fd53506073bc35ac9113482aa3bdd84c50

  • SHA512

    0eb86877f184df3fffa6c6acf149b3e19fc84fac1cf47055a0d03e531349afde53214e393fe3f6ace938612a62c51f2971fd3108be2d4219cbfc4de3a270599b

  • SSDEEP

    6144:hUpXqkLTMP1YJ+YH/Hqlo3/OHU6gX9L7THlQz7yq:mpXZ3MP1Yos6o3Xd7THlSZ

Score
10/10
redlinesectoprattestinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

test

C2

193.56.146.78:51487

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa9101aab80dd0d6ac3fbfb2ef8d0592.exe
    "C:\Users\Admin\AppData\Local\Temp\fa9101aab80dd0d6ac3fbfb2ef8d0592.exe"
    1⤵
      PID:2448

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2448-8-0x0000000006600000-0x0000000006640000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2448-7-0x0000000006600000-0x0000000006640000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2448-6-0x0000000003CC0000-0x0000000003CE2000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2448-5-0x0000000074820000-0x0000000074F0E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2448-4-0x0000000003C40000-0x0000000003C64000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2448-3-0x0000000000400000-0x000000000216C000-memory.dmp

            Filesize

            29.4MB

            Download

          • memory/2448-2-0x0000000000260000-0x0000000000290000-memory.dmp

            Filesize

            192KB

            Download

          • memory/2448-1-0x0000000000290000-0x0000000000390000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/2448-9-0x0000000006600000-0x0000000006640000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2448-10-0x0000000000400000-0x000000000216C000-memory.dmp

            Filesize

            29.4MB

            Download

          • memory/2448-11-0x0000000000260000-0x0000000000290000-memory.dmp

            Filesize

            192KB

            Download

          • memory/2448-12-0x0000000000290000-0x0000000000390000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/2448-14-0x0000000074820000-0x0000000074F0E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2448-15-0x0000000006600000-0x0000000006640000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2448-16-0x0000000006600000-0x0000000006640000-memory.dmp

            Filesize

            256KB

            Download