Overview

overview

10

Static

static

10

bf77f4e4b7...38.exe

windows7-x64

10

bf77f4e4b7...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 01:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf77f4e4b7d99180cd03145e877c3638.exe

  • Size

    100KB

  • MD5

    bf77f4e4b7d99180cd03145e877c3638

  • SHA1

    6a1a40532aec2932224585fbe54d6fb01107d120

  • SHA256

    8cbafd04f32cc48843fcac1913ae731b04e990a44d789a74b0ef50785874d5aa

  • SHA512

    4bf851e6872f09e74f99b58a90da2350906d6089237f687adb4093a0cdf888bff1b6047132c0992097384b0eb7b5e502e3a364a057a961bbe57809c03f6cd10a

  • SSDEEP

    1536:/m386AEA+t8BN8Y+K9qPxOyy67Qz+722gbue7v7uvNyAsdegi1xQeTEaG6WAaoiX:/i86AdaCCP9Qz+iX37ulydd8svIu

Score
10/10
redlinesectopratinstallsinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

installs

C2

178.32.202.118:43127

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf77f4e4b7d99180cd03145e877c3638.exe
    "C:\Users\Admin\AppData\Local\Temp\bf77f4e4b7d99180cd03145e877c3638.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2200-0-0x0000000000B30000-0x0000000000B4E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2200-1-0x0000000074D50000-0x000000007543E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2200-2-0x0000000004DC0000-0x0000000004E00000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2200-3-0x0000000074D50000-0x000000007543E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2200-4-0x0000000004DC0000-0x0000000004E00000-memory.dmp
    Filesize

    256KB

    Download