Overview

overview

10

Static

static

3

45917de21a...1c.exe

windows7-x64

10

45917de21a...1c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 06:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    45917de21a6088ed41b735f04b8c441c.exe

  • Size

    398KB

  • MD5

    45917de21a6088ed41b735f04b8c441c

  • SHA1

    7fcf57469babfbf6c99a611b0ed47eef7c4f6b6e

  • SHA256

    3ef227459f5ea632eedaba68d9d410521e75e24c41a0de0cdf26084761fd6129

  • SHA512

    9d1e5c4fbdb0ad07aa14d778c57a8ebefba98c86426845b140412343659f1861bffe0753fc074d6abc1e9d80fc2c2d3d0aae6b830686f82d6d840e1cc92dfa88

  • SSDEEP

    12288:C359mzJvK0g1qTXHWvLSaS8ogvgiu0Hd6:1NvK0gvLS1cgid96

Score
10/10
redlinesectoprat170infostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

170

C2

147.124.222.75:42864

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45917de21a6088ed41b735f04b8c441c.exe
    "C:\Users\Admin\AppData\Local\Temp\45917de21a6088ed41b735f04b8c441c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2976

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2976-1-0x0000000000500000-0x0000000000600000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2976-2-0x00000000002B0000-0x00000000002DF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2976-3-0x0000000000400000-0x000000000047F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/2976-4-0x00000000003E0000-0x0000000000400000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2976-5-0x0000000074C20000-0x000000007530E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2976-6-0x0000000001E30000-0x0000000001E70000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2976-7-0x0000000001E30000-0x0000000001E70000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2976-8-0x0000000002070000-0x000000000208E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2976-9-0x0000000000400000-0x000000000047F000-memory.dmp

          Filesize

          508KB

          Download

        • memory/2976-10-0x0000000000500000-0x0000000000600000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2976-11-0x00000000002B0000-0x00000000002DF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2976-12-0x0000000074C20000-0x000000007530E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2976-14-0x0000000001E30000-0x0000000001E70000-memory.dmp

          Filesize

          256KB

          Download