redline | 55fbfaaeee07219fa0c1854b2d594a4b334d94fad72e84f9f4b24f367628ca6c

Analysis

max time kernel
138s
max time network
141s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 11:25

Target

tmp.exe
Size

310KB
MD5

1f22a7e6656435da34317aa3e7a95f51
SHA1

8bec84fa7a4a5e4113ea3548eb0c0d95d050f218
SHA256

55fbfaaeee07219fa0c1854b2d594a4b334d94fad72e84f9f4b24f367628ca6c
SHA512

a263145b00ff21ecaf04214996f1b277db13bdc5013591c3c9cf25e9082fc99bc5e357f56aba4cea4dbcc68f85262fe7bbd7f1cec93cde81c0b30dae77f1b95e
SSDEEP

6144:LtaJEzrozDSV1dNaYO5/Mdk4KwqjDNgxoUb2dME:LtaJL61dN/3K1jJfU

Score

10^/10

Detect ZGRat V1 2 IoCs

resource	yara_rule
behavioral1/memory/1992-0-0x00000000013E0000-0x0000000001434000-memory.dmp	family_zgrat_v1
behavioral1/memory/1992-2-0x000000001B450000-0x000000001B4D0000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/1992-0-0x00000000013E0000-0x0000000001434000-memory.dmp	family_redline
behavioral1/memory/1992-2-0x000000001B450000-0x000000001B4D0000-memory.dmp	family_redline

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992

memory/1992-0-0x00000000013E0000-0x0000000001434000-memory.dmp

Filesize
336KB

Download
memory/1992-1-0x000007FEF5440000-0x000007FEF5E2C000-memory.dmp

Filesize
9.9MB

Download
memory/1992-2-0x000000001B450000-0x000000001B4D0000-memory.dmp

Filesize
512KB

Download
memory/1992-3-0x000007FEF5440000-0x000007FEF5E2C000-memory.dmp

Filesize
9.9MB

Download
memory/1992-4-0x000000001B450000-0x000000001B4D0000-memory.dmp

Filesize
512KB

Download