redline | 1fb9fe7aa7dad77120171c9eb088d6d2988356308940996a27205b37808494a7

Analysis

max time kernel
163s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4f0eb52a38d84dd15ec78e8bf9f0ce6.exe
Size

386KB
MD5

e4f0eb52a38d84dd15ec78e8bf9f0ce6
SHA1

d54fd85eb9717dd180a9f4ba1ae50516345ea36c
SHA256

1fb9fe7aa7dad77120171c9eb088d6d2988356308940996a27205b37808494a7
SHA512

46e374b4fbf79e4ad8a21238e77e975803d4bfa23f47ec14dd42b1a203a7bc0f24033e88993a42fc15588783683119362fbcf549f7246a31edc181b0e7fc8612
SSDEEP

6144:pVQvybiNTUc6D9XWWdbdVO1vLWHADAzPbuWrormRrhpOCE2:8IiNg59XWmVKzOVzPbuYRdgb2

Score

10^/10

redline sectoprat sewpalpadin infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

185.215.113.114:8887

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3916-11-0x00000000024A0000-0x00000000024C0000-memory.dmp	family_redline
behavioral2/memory/3916-17-0x00000000026C0000-0x00000000026DE000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3916-11-0x00000000024A0000-0x00000000024C0000-memory.dmp	family_sectoprat
behavioral2/memory/3916-17-0x00000000026C0000-0x00000000026DE000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e4f0eb52a38d84dd15ec78e8bf9f0ce6.exe

description pid process

Token: SeDebugPrivilege 3916 e4f0eb52a38d84dd15ec78e8bf9f0ce6.exe

description	pid	process
Token: SeDebugPrivilege	3916	e4f0eb52a38d84dd15ec78e8bf9f0ce6.exe

C:\Users\Admin\AppData\Local\Temp\e4f0eb52a38d84dd15ec78e8bf9f0ce6.exe
"C:\Users\Admin\AppData\Local\Temp\e4f0eb52a38d84dd15ec78e8bf9f0ce6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3916-1-0x00000000005E0000-0x00000000006E0000-memory.dmp

Filesize
1024KB

Download
memory/3916-2-0x0000000000500000-0x000000000052F000-memory.dmp

Filesize
188KB

Download
memory/3916-3-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/3916-4-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/3916-6-0x00000000005E0000-0x00000000006E0000-memory.dmp

Filesize
1024KB

Download
memory/3916-7-0x0000000074770000-0x0000000074F20000-memory.dmp

Filesize
7.7MB

Download
memory/3916-8-0x0000000000500000-0x000000000052F000-memory.dmp

Filesize
188KB

Download
memory/3916-10-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-11-0x00000000024A0000-0x00000000024C0000-memory.dmp

Filesize
128KB

Download
memory/3916-13-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-14-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-15-0x0000000074770000-0x0000000074F20000-memory.dmp

Filesize
7.7MB

Download
memory/3916-16-0x0000000004BE0000-0x0000000005184000-memory.dmp

Filesize
5.6MB

Download
memory/3916-17-0x00000000026C0000-0x00000000026DE000-memory.dmp

Filesize
120KB

Download
memory/3916-19-0x00000000053D0000-0x00000000059E8000-memory.dmp

Filesize
6.1MB

Download
memory/3916-20-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-22-0x00000000001D0000-0x00000000001E2000-memory.dmp

Filesize
72KB

Download
memory/3916-23-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-24-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-25-0x00000000007B0000-0x00000000007EC000-memory.dmp

Filesize
240KB

Download
memory/3916-29-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3916-31-0x0000000000910000-0x000000000095C000-memory.dmp

Filesize
304KB

Download
memory/3916-33-0x0000000005B40000-0x0000000005C4A000-memory.dmp

Filesize
1.0MB

Download
memory/3916-35-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download