Analysis
max time kernel: 149s
max time network: 153s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 13/01/2024, 06:14
Static task: static1
Behavioral task: behavioral1
  Sample: 58302d460f03234df8465cc91b8ea8f5.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 58302d460f03234df8465cc91b8ea8f5.exe
  Resource: win10v2004-20231215-en
General
Target: 58302d460f03234df8465cc91b8ea8f5.exe
Size: 193KB
MD5: 58302d460f03234df8465cc91b8ea8f5
SHA1: 3ffe53e42f7721e4d64bbad00a4e0a78b16393a7
SHA256: 74038a3204b7afbe17745a745181860cd5c70e3d1a5c16c9aa0fbfcf8323e480
SHA512: f5da5a9091e3c5dac471472129a1481694d2c46ad031d27b8131376b5e52499e992ca826ddfcdc5d898d6b2a60163316d08425e7c9956e637a0ea06795eca9c4
SSDEEP: 3072:EDKW1LgppLRHMY0TBfJvjcTp5XWHEh3B/b5LiIP148H3f:EDKW1Lgbdl0TBBvjc/WHEp/LiIP148P
Malware Config
Extracted
redline
Installbot8
jbeaef.ga:80
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
  resource: behavioral1/memory/2880-0-0x0000000000510000-0x0000000000534000-memory.dmp, yara_rule: family_redline
  resource: behavioral1/memory/2880-4-0x0000000002000000-0x0000000002022000-memory.dmp, yara_rule: family_redline

SectopRAT payload (2 IoCs)
  resource: behavioral1/memory/2880-0-0x0000000000510000-0x0000000000534000-memory.dmp, yara_rule: family_sectoprat
  resource: behavioral1/memory/2880-4-0x0000000002000000-0x0000000002022000-memory.dmp, yara_rule: family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid: 2880, Process: 58302d460f03234df8465cc91b8ea8f5.exe