Analysis
-
max time kernel
148s -
max time network
163s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-12-2023 20:34
General
-
Target
3b9d70c67fb380eedcb5d04c6d3cc9b2.exe
-
Size
2.0MB
-
MD5
3b9d70c67fb380eedcb5d04c6d3cc9b2
-
SHA1
09766d3548390ee90f2b60492cba403871f1f082
-
SHA256
c87beae4bc69463608f2ada586a367e23f167062f6b3a25fb277a2a274dd72e1
-
SHA512
e1a28074a42639b4cdb70915a7bc36e37fa69dd4ce367842a1c7b65447d005dfc020ef0041df6401628e2210a62759b4baf43243697b03c60a219b52b804652a
-
SSDEEP
24576:qja+0QKT262+kJwdU+hJay4RBkzLVumLg5L1GlQNQ6qJ8nwWgCRI4MVATVbZ9ofC:qjaWm2Z+k6S+IE4mEtFNIffcVECb
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
xxluchxx1
C2
185.172.129.61:52372
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 16 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b9d70c67fb380eedcb5d04c6d3cc9b2.exe"C:\Users\Admin\AppData\Local\Temp\3b9d70c67fb380eedcb5d04c6d3cc9b2.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2400-0-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmpFilesize
3.8MB
-
memory/2400-2-0x0000000073E90000-0x000000007457E000-memory.dmpFilesize
6.9MB
-
memory/2400-3-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-4-0x0000000006600000-0x0000000006640000-memory.dmpFilesize
256KB
-
memory/2400-5-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-6-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-7-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-8-0x000000007EBD0000-0x000000007EFA1000-memory.dmpFilesize
3.8MB
-
memory/2400-9-0x0000000073E90000-0x000000007457E000-memory.dmpFilesize
6.9MB
-
memory/2400-10-0x0000000006600000-0x0000000006640000-memory.dmpFilesize
256KB
-
memory/2400-11-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-12-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-13-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-14-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-15-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-16-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-17-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-18-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-19-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-20-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-21-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB
-
memory/2400-22-0x0000000000FB0000-0x00000000018BE000-memory.dmpFilesize
9.1MB