redline | 5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520

Analysis

max time kernel
135s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 17:46

Target

1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe
Size

95KB
MD5

9ed248a55397b97d052a432e3799578c
SHA1

147e67e09d8724d4a8e09e889f6a03aafc947487
SHA256

1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248
SHA512

eb9d97f6c859c0d0f60e1ba0fda85893d2c00ec3f9d5a607e0e33e07aede1e624c1a92eff6fc4a0ed67d1b120a90482115a56694011dfac3ad9287c9bb479a68
SSDEEP

1536:5qs+bqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2CtmulgS6p8l:XIwiYj+zi0ZbYe1g0ujyzdm8

Score

10^/10

Family

redline

Botnet

XenLogs

45.77.240.40:25887

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/696-0-0x0000000000480000-0x000000000049E000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral2/memory/696-0-0x0000000000480000-0x000000000049E000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	696	1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe

C:\Users\Admin\AppData\Local\Temp\1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe
"C:\Users\Admin\AppData\Local\Temp\1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:696

memory/696-0-0x0000000000480000-0x000000000049E000-memory.dmp

Filesize
120KB

Download
memory/696-1-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/696-2-0x0000000005590000-0x0000000005BA8000-memory.dmp

Filesize
6.1MB

Download
memory/696-3-0x0000000004E40000-0x0000000004E52000-memory.dmp

Filesize
72KB

Download
memory/696-4-0x0000000004EA0000-0x0000000004EDC000-memory.dmp

Filesize
240KB

Download
memory/696-6-0x0000000004EE0000-0x0000000004F2C000-memory.dmp

Filesize
304KB

Download
memory/696-5-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/696-7-0x0000000005150000-0x000000000525A000-memory.dmp

Filesize
1.0MB

Download
memory/696-8-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/696-9-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download