Analysis

max time kernel: 152s
max time network: 172s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/01/2024, 01:59
Behavioral task: behavioral1
Sample: 59fb7442592a9c032fbabad5a797fbde.exe
Resource: win7-20231215-en
Signatures: 5
Run time: 150 seconds
General

Target: 59fb7442592a9c032fbabad5a797fbde.exe
Size: 96KB
MD5: 59fb7442592a9c032fbabad5a797fbde
SHA1: c9477fc460b0b44c63c2a5f83a178c398b6a36fd
SHA256: d34e796266410aff6fcad07b74545d3121bfc595cadef5370c01153b4dbf0047
SHA512: 5138015101bf38e436d9e1dc5c65f13e7a9b777b3849cbadfd8462b384a89cdf2e01a3b027545a3b1bbc1136c8814f4d8c54fdaf3fae3004966707b5ffc75500
SSDEEP: 1536:XHB+zRmEOBCoUi6HW+iGXgktM20VbN8FAh8xx+Ombf9Bo3HHTPyHddoh30txbIjf:XwzRmEVoUxW+iGXNtM2EuA8x+b1UHHbL
Malware Config (Extracted)

Family: redline
Botnet: @bbakoch
C2: 185.186.142.55:10425
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoC)
resource                                                                   yara_rule
behavioral2/memory/4108-1-0x0000000000E80000-0x0000000000E9E000-memory.dmp  family_redline

SectopRAT payload (1 IoC)
resource                                                                   yara_rule
behavioral2/memory/4108-1-0x0000000000E80000-0x0000000000E9E000-memory.dmp  family_sectoprat

Suspicious use of AdjustPrivilegeToken (1 IoC)
description               pid   Process
Token: SeDebugPrivilege   4108  59fb7442592a9c032fbabad5a797fbde.exe