Overview

overview

10

Static

static

10

2248-5-0x0...ry.exe

windows7-x64

10

2248-5-0x0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-12-2023 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2248-5-0x0000000001F30000-0x0000000001F4E000-memory.exe

  • Size

    120KB

  • MD5

    3ef7828f086c247b611a19ffaef572e2

  • SHA1

    bcf625b793d44991683a0f53075f772da6d66cf2

  • SHA256

    6c1ec708de654bb6cee0784bf7e218045258a53031732972e3da6af5a2218d7e

  • SHA512

    192ea7a062a1a5e4e7e1ad50537292f0ed64aaf8874756829b4d313f58b36da58f2056a9988f103baa884151c0b1de92004419178167b5ed7981241df9db1b02

  • SSDEEP

    1536:4xCPBwvydb9cTt0fIX+A0dNN3P0dtJqBbNiMxyaVI1G2WUZE+G6ze71:CCWyl9x1NNf0dtJiVxyaQWBeS1

Score
10/10
redlinesectopratanbtcinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

AnBtc

C2

86.107.197.160:3214

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2248-5-0x0000000001F30000-0x0000000001F4E000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2248-5-0x0000000001F30000-0x0000000001F4E000-memory.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1036-0-0x0000000000860000-0x000000000087E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1036-1-0x00000000745F0000-0x0000000074DA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1036-2-0x00000000057B0000-0x0000000005DC8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1036-3-0x0000000005220000-0x0000000005232000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1036-4-0x0000000005280000-0x00000000052BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1036-5-0x0000000005360000-0x0000000005370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1036-6-0x00000000052C0000-0x000000000530C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1036-7-0x0000000005530000-0x000000000563A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1036-8-0x00000000745F0000-0x0000000074DA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1036-9-0x0000000005360000-0x0000000005370000-memory.dmp

    Filesize

    64KB

    Download