Overview

overview

10

Static

static

3

f3fba1d135...47.exe

windows7-x64

10

f3fba1d135...47.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2024 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3fba1d1355dfc71fa48b1e730726f47.exe

  • Size

    2.0MB

  • MD5

    f3fba1d1355dfc71fa48b1e730726f47

  • SHA1

    e8ad228acbeb4ea96a49f518c80cf3fbb87e0ad0

  • SHA256

    0c5129f7ce0c2140caad284bd252dd57e0eb11eba4855540be8f8f8c992400a6

  • SHA512

    ed0c1b71040e24bc6921f6837e842e1e18e939ef6ff00e144121d7a7c3ea2ad5a61b0e72fff20afb9c2345bba0d8633069dc3c28ed643dd571a59de5502ab8fb

  • SSDEEP

    49152:pI4U7g149h0826G8K3PNwir5zPd7mtfpubpnvaVfhm6t+8LdR:6E149C82XPn5zlkUbpvalTYGR

Score
10/10
redlinesectopratxxluchxx1infostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

xxluchxx1

C2

185.172.129.61:52372

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 6 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3fba1d1355dfc71fa48b1e730726f47.exe
    "C:\Users\Admin\AppData\Local\Temp\f3fba1d1355dfc71fa48b1e730726f47.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1696-0-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/1696-3-0x0000000074060000-0x000000007474E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1696-2-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-4-0x0000000003D70000-0x0000000003DB0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1696-5-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-6-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/1696-7-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-8-0x0000000074060000-0x000000007474E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1696-9-0x0000000003D70000-0x0000000003DB0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1696-10-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-11-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-12-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-13-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-14-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-15-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-16-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-17-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-18-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-19-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-20-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download
  • memory/1696-21-0x0000000000A20000-0x000000000133E000-memory.dmp
    Filesize

    9.1MB

    Download