Analysis
max time kernel: 127s
max time network: 137s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 10-01-2024 17:24
Behavioral task: behavioral1
Sample: 51297ca658f66c270f4aeeb24c1cf2f4.exe
Resource: win7-20231215-en (windows7-x64)
4 signatures, 150 seconds
General
Target: 51297ca658f66c270f4aeeb24c1cf2f4.exe
Size: 116KB
MD5: 51297ca658f66c270f4aeeb24c1cf2f4
SHA1: 397f29200d65eb4b69ee1d66a8deab4b9ae2f505
SHA256: 9ab78ca17475bc6f79aa45804e6fa1c5081e95126ca00b8264b20c24cde6607c
SHA512: c5bf5bc31fbdc041d94865250e24d157a2ed4cf3a73e033758caab13cb3a474cea2b5c1b4ba451e3efc00a1f155addc69874ca19e7055e9e2c0e9b80c38c4881
SSDEEP: 3072:EeMnxxzowwwwwwwwwwwZw1ww4uvGnPyOdHTkEqVCI:ieUy4Vg
Malware Config (Extracted)
Family: redline
Botnet: install
C2: 185.167.97.37:30904
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
Processes:
  resource: behavioral1/memory/2180-0-0x0000000000BB0000-0x0000000000BD2000-memory.dmp, yara_rule: family_redline
  resource: behavioral1/memory/2180-2-0x00000000045C0000-0x0000000004600000-memory.dmp, yara_rule: family_redline

SectopRAT payload (2 IoCs)
Processes:
  resource: behavioral1/memory/2180-0-0x0000000000BB0000-0x0000000000BD2000-memory.dmp, yara_rule: family_sectoprat
  resource: behavioral1/memory/2180-2-0x00000000045C0000-0x0000000004600000-memory.dmp, yara_rule: family_sectoprat
Downloads
memory/2180-1-0x00000000746D0000-0x0000000074DBE000-memory.dmp (Filesize: 6.9MB)
memory/2180-0-0x0000000000BB0000-0x0000000000BD2000-memory.dmp (Filesize: 136KB)
memory/2180-2-0x00000000045C0000-0x0000000004600000-memory.dmp (Filesize: 256KB)
memory/2180-3-0x00000000746D0000-0x0000000074DBE000-memory.dmp (Filesize: 6.9MB)
memory/2180-4-0x00000000045C0000-0x0000000004600000-memory.dmp (Filesize: 256KB)