Overview

overview

10

Static

static

3

d2e9b7471d...02.exe

windows7-x64

10

d2e9b7471d...02.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2023 08:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2e9b7471d386d9c5c5494cd7c5fb502.exe

  • Size

    395KB

  • MD5

    d2e9b7471d386d9c5c5494cd7c5fb502

  • SHA1

    a716b9aa1fcb975150cdae304713491292aaec00

  • SHA256

    ee50198b09c0e5dac3819efe7ed4688197018acb14c745e4722a3db323a87889

  • SHA512

    634f94048356e0abf795877e9feec502b55f3bd7327eec89d34399e708293ecd41a98c48355e04d77c57cdfec75d7234d5f84e07f7bff4274572ef2090be43c2

  • SSDEEP

    6144:5Xj1yPyCrnoUFUQWlH/VsKrZeKVcnVurhU2X8O7gk59S7NBV1YupuR:74yCbBFUQWlGKdeKWVSfl7LQpBVGKuR

Score
10/10
redlinesectopratsewpalpadininfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2e9b7471d386d9c5c5494cd7c5fb502.exe
    "C:\Users\Admin\AppData\Local\Temp\d2e9b7471d386d9c5c5494cd7c5fb502.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2208-2-0x0000000000220000-0x000000000024F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/2208-3-0x0000000000400000-0x000000000047D000-memory.dmp
    Filesize

    500KB

    Download
  • memory/2208-1-0x00000000005F0000-0x00000000006F0000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2208-5-0x0000000074690000-0x0000000074D7E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2208-7-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-6-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-4-0x00000000003E0000-0x0000000000400000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2208-8-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-9-0x00000000005D0000-0x00000000005EE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2208-10-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-11-0x00000000005F0000-0x00000000006F0000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2208-13-0x0000000074690000-0x0000000074D7E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2208-14-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-16-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-17-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-18-0x0000000004A60000-0x0000000004AA0000-memory.dmp
    Filesize

    256KB

    Download