Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/12/2023, 23:13
Behavioral task behavioral1
Sample: 18851ac1b5161ebdb1b2cf9a9e69ffaa.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 18851ac1b5161ebdb1b2cf9a9e69ffaa.exe
Resource: win10v2004-20231222-en
General
Target: 18851ac1b5161ebdb1b2cf9a9e69ffaa.exe
Size: 289KB
MD5: 18851ac1b5161ebdb1b2cf9a9e69ffaa
SHA1: 7e1ad712092fa0244618d63cbc40ee0a905310bd
SHA256: 2cb5d586b1e5511df8134203c1533d3d49107f53c84156cb3f0083c9d75dd0b0
SHA512: eb3d79b17da3109d199d34ff4abe914551305e481e75b38f3fa9d87e67451898dea1e048655f6d7bc7522d2392fbcc145221128a9c2e183a296ed965f64f2436
SSDEEP: 3072:2xmocnUDJX69gbucyzd8SnvmMWmku5+GwZWtFchWdwL4Rzql:pnUF6yZy+Ygu+hItFA4Ru
Malware Config
Extracted
Family: redline
Botnet: NetFramework
C2: yonicathal.xyz:80
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoC)
resource: behavioral2/memory/1984-0-0x0000000000200000-0x000000000024E000-memory.dmp
yara_rule: family_redline
SectopRAT payload (1 IoC)
resource: behavioral2/memory/1984-0-0x0000000000200000-0x000000000024E000-memory.dmp
yara_rule: family_sectoprat
Both rules match the same dumped region of pid 1984 (0x200000-0x24E000), so they describe one in-memory payload rather than two; the extracted configuration above identifies it as RedLine. No memory-based signature fired in behavioral1 (the Windows 7 run).
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege
pid: 1984
process: 18851ac1b5161ebdb1b2cf9a9e69ffaa.exe
The process that adjusted SeDebugPrivilege is the same pid whose memory region matched the payload rules above.
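The extracted config and the signature entries above are the actionable part of this report. The following script, an added example and not the sandbox's own tooling, turns those lines into structured indicators: it parses the memory-dump resource names into (task, pid, region) tuples, groups the YARA families that hit each region (showing that the RedLine and SectopRAT hits refer to one region), splits and validates the C2 string, and ties the SeDebugPrivilege hit to the same pid. The input strings are copied from the report; the function names, the indicator tuple layout and the context labels are this example's own assumptions.

```python
"""Turn the report's signature and config lines into structured IoCs.

Added example; not part of the original report or of the sandbox's tooling.
Input strings are copied from the report above; field names and helpers are
this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Signature hits as listed in the report: (resource, yara_rule).
YARA_HITS = [
    ("behavioral2/memory/1984-0-0x0000000000200000-0x000000000024E000-memory.dmp",
     "family_redline"),
    ("behavioral2/memory/1984-0-0x0000000000200000-0x000000000024E000-memory.dmp",
     "family_sectoprat"),
]
# Extracted RedLine C2 as listed in the report.
C2 = "yonicathal.xyz:80"
# PID that adjusted SeDebugPrivilege (AdjustPrivilegeToken signature).
DEBUG_PRIV_PID = 1984

# Dump names follow <task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
# (pattern inferred from the report's own resource strings).
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryRegion:
    task: str
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryRegion:
    """Parse one memory-dump resource name; reject malformed or empty regions."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return MemoryRegion(m["task"], int(m["pid"]), int(m["index"]), start, end)


def group_hits(hits):
    """Map each dumped region to the set of YARA rules that matched it."""
    grouped = {}
    for resource, rule in hits:
        grouped.setdefault(parse_dump_name(resource), set()).add(rule)
    return grouped


def parse_c2(c2: str):
    """Split 'host:port', validating the port; the host is returned verbatim."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) <= 65535:
        raise ValueError(f"bad C2 string: {c2}")
    return host, int(port)


def build_iocs(hits, c2, debug_pid):
    """Return a flat list of (type, value, context) indicators."""
    iocs = []
    host, port = parse_c2(c2)
    iocs.append(("domain", host, "redline c2"))
    # No protocol is assumed for the socket; the report only gives host:port.
    iocs.append(("socket", f"{host}:{port}", "redline c2"))
    grouped = group_hits(hits)
    for region, rules in sorted(grouped.items(), key=lambda kv: (kv[0].pid, kv[0].start)):
        value = f"pid {region.pid} 0x{region.start:X}-0x{region.end:X} ({region.size} bytes)"
        iocs.append(("memory_region", value, ",".join(sorted(rules))))
    if debug_pid in {r.pid for r in grouped}:
        iocs.append(("privilege", "SeDebugPrivilege",
                     f"adjusted by pid {debug_pid}, the process holding the dumped payload"))
    return iocs


if __name__ == "__main__":
    for ioc in build_iocs(YARA_HITS, C2, DEBUG_PRIV_PID):
        print(ioc)
```

Run as-is it prints four indicators; the single memory_region entry carries both family_redline and family_sectoprat, which makes the overlap visible before anyone files the sample under two families. The region size (0x4E000, 319488 bytes) is slightly larger than the 289KB file on disk, as expected for a mapped image rather than the raw file.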