redline | 5d7e056cab62d45da796272f782b92fdba8c38827e678fa1273c0ccb71aa6d83

Analysis

max time kernel
144s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 04:52

Target

cd26d1159f20d37cca1aa22af82cf6a3.exe
Size

309KB
MD5

cd26d1159f20d37cca1aa22af82cf6a3
SHA1

f24612e9ae118b4a885c3983022d33da0009a70a
SHA256

5d7e056cab62d45da796272f782b92fdba8c38827e678fa1273c0ccb71aa6d83
SHA512

171da49fd4d34e07bd50c46f27b08d1fb96f4d65706fee68ac76c7ab068c89cefa0a97034b4d8a2bc326174ead329a009ad94993d782e2bf5e3e291f7a32d515
SSDEEP

6144:KhLDRPVxtbyDT9B70uWaHfwkLhpgsgFVg8FY6xA:Khvdt+70u/H5S4

Score

10^/10

Family

redline

Botnet

zaliv

185.244.216.219:33828

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 4 IoCs

resource	yara_rule
behavioral1/memory/1244-3-0x0000000001E80000-0x0000000001EA6000-memory.dmp	family_redline
behavioral1/memory/1244-5-0x0000000003C20000-0x0000000003C60000-memory.dmp	family_redline
behavioral1/memory/1244-6-0x0000000001EA0000-0x0000000001EC4000-memory.dmp	family_redline
behavioral1/memory/1244-8-0x0000000003C20000-0x0000000003C60000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 4 IoCs

resource	yara_rule
behavioral1/memory/1244-3-0x0000000001E80000-0x0000000001EA6000-memory.dmp	family_sectoprat
behavioral1/memory/1244-5-0x0000000003C20000-0x0000000003C60000-memory.dmp	family_sectoprat
behavioral1/memory/1244-6-0x0000000001EA0000-0x0000000001EC4000-memory.dmp	family_sectoprat
behavioral1/memory/1244-8-0x0000000003C20000-0x0000000003C60000-memory.dmp	family_sectoprat

C:\Users\Admin\AppData\Local\Temp\cd26d1159f20d37cca1aa22af82cf6a3.exe
"C:\Users\Admin\AppData\Local\Temp\cd26d1159f20d37cca1aa22af82cf6a3.exe"
1⤵
PID:1244

memory/1244-1-0x0000000001EF0000-0x0000000001FF0000-memory.dmp

Filesize
1024KB

Download
memory/1244-2-0x0000000000230000-0x0000000000260000-memory.dmp

Filesize
192KB

Download
memory/1244-4-0x0000000000400000-0x0000000001D9B000-memory.dmp

Filesize
25.6MB

Download
memory/1244-3-0x0000000001E80000-0x0000000001EA6000-memory.dmp

Filesize
152KB

Download
memory/1244-5-0x0000000003C20000-0x0000000003C60000-memory.dmp

Filesize
256KB

Download
memory/1244-6-0x0000000001EA0000-0x0000000001EC4000-memory.dmp

Filesize
144KB

Download
memory/1244-7-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download
memory/1244-8-0x0000000003C20000-0x0000000003C60000-memory.dmp

Filesize
256KB

Download
memory/1244-9-0x0000000003C20000-0x0000000003C60000-memory.dmp

Filesize
256KB

Download
memory/1244-10-0x0000000003C20000-0x0000000003C60000-memory.dmp

Filesize
256KB

Download
memory/1244-13-0x0000000001EF0000-0x0000000001FF0000-memory.dmp

Filesize
1024KB

Download
memory/1244-14-0x0000000003C20000-0x0000000003C60000-memory.dmp

Filesize
256KB

Download
memory/1244-15-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download
memory/1244-16-0x0000000003C20000-0x0000000003C60000-memory.dmp

Filesize
256KB

Download