redline | 41257eb458426a09f3ae33dedb9d3b1e3c8828e0de60f0389a43f8390ca4e166

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

581721e440712b96cc96d52122c5dc62.exe
Size

344KB
MD5

581721e440712b96cc96d52122c5dc62
SHA1

661da1d3828b8a5dcbbc3b2dabda7f35af57b1ac
SHA256

41257eb458426a09f3ae33dedb9d3b1e3c8828e0de60f0389a43f8390ca4e166
SHA512

03bb84e5490f9b5b540fe987a02a57112444deefa099a70026272620f34ea486869002025e60db774c6366c841d1af1e1b463a9b0ba5777c4f11ded2f25e73c3
SSDEEP

6144:GOI2RN2NiVXrr9phieyJ+RsHYlNbCwkzuhGMahHvaZo0t7VKa:/FRQNiVv9phiysHI3kC9ahHvae0Jw

Score

10^/10

redline sectoprat sewpalpadin infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

185.215.113.114:8887

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3276-10-0x0000000004EA0000-0x0000000004EBE000-memory.dmp	family_redline
behavioral2/memory/3276-4-0x0000000002AC0000-0x0000000002AE0000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3276-10-0x0000000004EA0000-0x0000000004EBE000-memory.dmp	family_sectoprat
behavioral2/memory/3276-4-0x0000000002AC0000-0x0000000002AE0000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

581721e440712b96cc96d52122c5dc62.exe

description pid process

Token: SeDebugPrivilege 3276 581721e440712b96cc96d52122c5dc62.exe

description	pid	process
Token: SeDebugPrivilege	3276	581721e440712b96cc96d52122c5dc62.exe

C:\Users\Admin\AppData\Local\Temp\581721e440712b96cc96d52122c5dc62.exe
"C:\Users\Admin\AppData\Local\Temp\581721e440712b96cc96d52122c5dc62.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3276-2-0x00000000001C0000-0x00000000001EF000-memory.dmp

Filesize
188KB

Download
memory/3276-1-0x0000000000950000-0x0000000000A50000-memory.dmp

Filesize
1024KB

Download
memory/3276-3-0x0000000000400000-0x000000000090C000-memory.dmp

Filesize
5.0MB

Download
memory/3276-8-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-7-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-10-0x0000000004EA0000-0x0000000004EBE000-memory.dmp

Filesize
120KB

Download
memory/3276-9-0x0000000004FC0000-0x0000000005564000-memory.dmp

Filesize
5.6MB

Download
memory/3276-12-0x0000000004F60000-0x0000000004F72000-memory.dmp

Filesize
72KB

Download
memory/3276-13-0x0000000005B90000-0x0000000005BCC000-memory.dmp

Filesize
240KB

Download
memory/3276-11-0x0000000005570000-0x0000000005B88000-memory.dmp

Filesize
6.1MB

Download
memory/3276-14-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-15-0x0000000005BD0000-0x0000000005C1C000-memory.dmp

Filesize
304KB

Download
memory/3276-6-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-5-0x00000000745E0000-0x0000000074D90000-memory.dmp

Filesize
7.7MB

Download
memory/3276-4-0x0000000002AC0000-0x0000000002AE0000-memory.dmp

Filesize
128KB

Download
memory/3276-16-0x0000000005D50000-0x0000000005E5A000-memory.dmp

Filesize
1.0MB

Download
memory/3276-17-0x0000000000400000-0x000000000090C000-memory.dmp

Filesize
5.0MB

Download
memory/3276-19-0x00000000001C0000-0x00000000001EF000-memory.dmp

Filesize
188KB

Download
memory/3276-18-0x0000000000950000-0x0000000000A50000-memory.dmp

Filesize
1024KB

Download
memory/3276-20-0x00000000745E0000-0x0000000074D90000-memory.dmp

Filesize
7.7MB

Download
memory/3276-22-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-24-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-23-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/3276-25-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download