Analysis
-
max time kernel
124s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-05-2024 15:30
General
-
Target
3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe
-
Size
523KB
-
MD5
e336cd749eb4e599192906f8d61d0bb2
-
SHA1
6d431812efb3c52e0bdd44d2602bca486eacc451
-
SHA256
3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4
-
SHA512
8e18ce1501dbf77ca2af6cf6d7c0813501b2e94c61e859878370e872c93b79d7019430391b4916296e7f62079d2408a37ff0cdab0260d67b437eb88310d1fb84
-
SSDEEP
12288:5cO61A772/5RMH4Gj63oiwKeWq6GXiS+qdYYn86v:U+XQRMYGSFFq6G53nv
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
xxl
C2
2.56.59.101:17559
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 5 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 5 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe"C:\Users\Admin\AppData\Local\Temp\3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe"C:\Users\Admin\AppData\Local\Temp\3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
544KB
-
Filesize
6.9MB
-
Filesize
88KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
496KB
-
Filesize
120KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB