Analysis
max time kernel: 151s
max time network: 168s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 11:55
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 1c5f4d2d8766d27b7dc676a8ee40e5d1.exe
  Resource: win7-20231215-en
  5 signatures, 150 seconds
General
Target: 1c5f4d2d8766d27b7dc676a8ee40e5d1.exe
Size: 397KB
MD5: 1c5f4d2d8766d27b7dc676a8ee40e5d1
SHA1: 56bf32c0b86edf959c4f14e9b0fa3c34bf729c25
SHA256: 05aeadc7b75fdba7ed95f7c463025ee276033b4fe073b40030e97a3397c4006c
SHA512: 4d9f7bbcf63333eccec955fba56d8b04871e4851b82684c909ec3639b027bebc946e92197c2b9925d32fc4b18286a3b96b751d9c83a0ca34dc33109de031e028
SSDEEP: 6144:0IVFujZ6g5JK907Nib8kCMH9w4F0FWH2XrZFMB2ey1MpfG0qypAy68ApQeR7:B4Z6q807kbwMHKDoH27srmIhpx6pQe
Malware Config
Extracted
Family: redline
Botnet: CUC
C2: 185.215.113.45:41009
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
resource                                                                     yara_rule
behavioral2/memory/4972-6-0x00000000022C0000-0x00000000022E0000-memory.dmp   family_redline
behavioral2/memory/4972-8-0x0000000002690000-0x00000000026AE000-memory.dmp   family_redline

SectopRAT payload (3 IoCs)
resource                                                                     yara_rule
behavioral2/memory/4972-6-0x00000000022C0000-0x00000000022E0000-memory.dmp   family_sectoprat
behavioral2/memory/4972-8-0x0000000002690000-0x00000000026AE000-memory.dmp   family_sectoprat
behavioral2/memory/4972-21-0x0000000004CC0000-0x0000000004CD0000-memory.dmp  family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description               pid    Process
Token: SeDebugPrivilege   4972   1c5f4d2d8766d27b7dc676a8ee40e5d1.exe