redline | 65666b8099492aaf2a870a74aed2fb2185cfeab7de30166764383058fca1012b

Analysis

max time kernel
141s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 00:23

Target

bc1156c5a79d58208421c1c6f91dd416.exe
Size

394KB
MD5

bc1156c5a79d58208421c1c6f91dd416
SHA1

ce9bd4dd8381d08872481955b28e56623330f86b
SHA256

65666b8099492aaf2a870a74aed2fb2185cfeab7de30166764383058fca1012b
SHA512

26190c17ee7233ce8b42e725883cef791f8494643b0a31287ef20fdd703951400ccf2c63c33d11edcf0ac546153f648bc35b55b9af53820954dc650d020e2992
SSDEEP

6144:U3Fpuy/ypTnok1MHsh//M99zuQ0jL8OurTh87Bro9NI/aMovvIc+:0uUypTR1MHshO9yQ0/JS987Br/SF

Score

10^/10

Family

redline

Botnet

SewPalpadin

185.215.113.114:8887

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2172-5-0x00000000003D0000-0x00000000003F0000-memory.dmp	family_redline
behavioral1/memory/2172-9-0x0000000002020000-0x000000000203E000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2172-5-0x00000000003D0000-0x00000000003F0000-memory.dmp	family_sectoprat
behavioral1/memory/2172-9-0x0000000002020000-0x000000000203E000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bc1156c5a79d58208421c1c6f91dd416.exe

description pid process

Token: SeDebugPrivilege 2172 bc1156c5a79d58208421c1c6f91dd416.exe

description	pid	process
Token: SeDebugPrivilege	2172	bc1156c5a79d58208421c1c6f91dd416.exe

C:\Users\Admin\AppData\Local\Temp\bc1156c5a79d58208421c1c6f91dd416.exe
"C:\Users\Admin\AppData\Local\Temp\bc1156c5a79d58208421c1c6f91dd416.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2172

memory/2172-1-0x0000000000530000-0x0000000000630000-memory.dmp

Filesize
1024KB

Download
memory/2172-3-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2172-2-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2172-7-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-8-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-6-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-5-0x00000000003D0000-0x00000000003F0000-memory.dmp

Filesize
128KB

Download
memory/2172-9-0x0000000002020000-0x000000000203E000-memory.dmp

Filesize
120KB

Download
memory/2172-4-0x00000000740C0000-0x00000000747AE000-memory.dmp

Filesize
6.9MB

Download
memory/2172-10-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-12-0x0000000000530000-0x0000000000630000-memory.dmp

Filesize
1024KB

Download
memory/2172-13-0x00000000740C0000-0x00000000747AE000-memory.dmp

Filesize
6.9MB

Download
memory/2172-16-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-15-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-17-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download
memory/2172-18-0x0000000002390000-0x00000000023D0000-memory.dmp

Filesize
256KB

Download