Overview

overview

10

Static

static

3

018fdf6628...6e.exe

windows7-x64

10

018fdf6628...6e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    018fdf6628c4e053dfad14b6561f906e.exe

  • Size

    264KB

  • MD5

    018fdf6628c4e053dfad14b6561f906e

  • SHA1

    77f24de6a174d09f581f68a8be78388703aed773

  • SHA256

    c783603717e4e900812cefc1676313b5511cd1904cded011effbacc7a95cda74

  • SHA512

    74efe62c672f444f7ed21de50a52ff83048c28f0eff416b102ff46ba16b62d52c86782936f56e04a4c0327e1a45ec57dffe3b6d78ce7811625f235786b58318f

  • SSDEEP

    3072:DXAqq3AytXKiTWsNoW1UYiTq/s8kEtq9UMX/kc6TT2teABNirRUOaETJKT0yB3N:DHI8iT1YpZErMvWTCeovr

Score
10/10
redlinesectopratinfostealerrattrojan

Malware Config

Extracted

Family

redline

C2

185.215.113.29:8889

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\018fdf6628c4e053dfad14b6561f906e.exe
    "C:\Users\Admin\AppData\Local\Temp\018fdf6628c4e053dfad14b6561f906e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2092

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2092-2-0x00000000003B0000-0x00000000003DF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2092-1-0x0000000000230000-0x0000000000330000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2092-3-0x0000000002DE0000-0x0000000002E02000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2092-4-0x0000000000400000-0x0000000002CD0000-memory.dmp

          Filesize

          40.8MB

          Download

        • memory/2092-5-0x0000000007230000-0x0000000007270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2092-7-0x0000000007230000-0x0000000007270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2092-6-0x0000000007230000-0x0000000007270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2092-8-0x0000000004740000-0x0000000004760000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2092-9-0x00000000744E0000-0x0000000074BCE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2092-11-0x0000000000230000-0x0000000000330000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2092-12-0x00000000003B0000-0x00000000003DF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2092-14-0x0000000007230000-0x0000000007270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2092-15-0x00000000744E0000-0x0000000074BCE000-memory.dmp

          Filesize

          6.9MB

          Download