redline | e2cd80a3c0d37c2d417b9c564ea138fd53506073bc35ac9113482aa3bdd84c50

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa9101aab80dd0d6ac3fbfb2ef8d0592.exe
Size

315KB
MD5

fa9101aab80dd0d6ac3fbfb2ef8d0592
SHA1

f6b0a37e051f21f8ef8b037176f20983b6e8117a
SHA256

e2cd80a3c0d37c2d417b9c564ea138fd53506073bc35ac9113482aa3bdd84c50
SHA512

0eb86877f184df3fffa6c6acf149b3e19fc84fac1cf47055a0d03e531349afde53214e393fe3f6ace938612a62c51f2971fd3108be2d4219cbfc4de3a270599b
SSDEEP

6144:hUpXqkLTMP1YJ+YH/Hqlo3/OHU6gX9L7THlQz7yq:mpXZ3MP1Yos6o3Xd7THlSZ

Score

10^/10

redline sectoprat test infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

test

193.56.146.78:51487

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral2/memory/3924-3-0x0000000003FE0000-0x0000000004004000-memory.dmp	family_redline
behavioral2/memory/3924-8-0x0000000004130000-0x0000000004152000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 4 IoCs

resource	yara_rule
behavioral2/memory/3924-3-0x0000000003FE0000-0x0000000004004000-memory.dmp	family_sectoprat
behavioral2/memory/3924-5-0x0000000003EB0000-0x0000000003EC0000-memory.dmp	family_sectoprat
behavioral2/memory/3924-8-0x0000000004130000-0x0000000004152000-memory.dmp	family_sectoprat
behavioral2/memory/3924-13-0x0000000003EB0000-0x0000000003EC0000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\fa9101aab80dd0d6ac3fbfb2ef8d0592.exe
"C:\Users\Admin\AppData\Local\Temp\fa9101aab80dd0d6ac3fbfb2ef8d0592.exe"
1⤵
PID:3924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3924-1-0x0000000002470000-0x0000000002570000-memory.dmp

Filesize
1024KB

Download
memory/3924-2-0x00000000023F0000-0x0000000002420000-memory.dmp

Filesize
192KB

Download
memory/3924-3-0x0000000003FE0000-0x0000000004004000-memory.dmp

Filesize
144KB

Download
memory/3924-4-0x0000000000400000-0x000000000216C000-memory.dmp

Filesize
29.4MB

Download
memory/3924-5-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

Filesize
64KB

Download
memory/3924-7-0x0000000006740000-0x0000000006CE4000-memory.dmp

Filesize
5.6MB

Download
memory/3924-8-0x0000000004130000-0x0000000004152000-memory.dmp

Filesize
136KB

Download
memory/3924-9-0x0000000074E00000-0x00000000755B0000-memory.dmp

Filesize
7.7MB

Download
memory/3924-6-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

Filesize
64KB

Download
memory/3924-10-0x0000000006CF0000-0x0000000007308000-memory.dmp

Filesize
6.1MB

Download
memory/3924-12-0x00000000073C0000-0x00000000074CA000-memory.dmp

Filesize
1.0MB

Download
memory/3924-11-0x00000000073A0000-0x00000000073B2000-memory.dmp

Filesize
72KB

Download
memory/3924-13-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

Filesize
64KB

Download
memory/3924-14-0x00000000074D0000-0x000000000750C000-memory.dmp

Filesize
240KB

Download
memory/3924-15-0x0000000007550000-0x000000000759C000-memory.dmp

Filesize
304KB

Download
memory/3924-16-0x0000000000400000-0x000000000216C000-memory.dmp

Filesize
29.4MB

Download
memory/3924-18-0x00000000023F0000-0x0000000002420000-memory.dmp

Filesize
192KB

Download
memory/3924-17-0x0000000002470000-0x0000000002570000-memory.dmp

Filesize
1024KB

Download
memory/3924-20-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

Filesize
64KB

Download
memory/3924-21-0x0000000074E00000-0x00000000755B0000-memory.dmp

Filesize
7.7MB

Download
memory/3924-22-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads