Analysis
-
max time kernel
130s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
06-07-2024 08:58
General
-
Target
a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8.exe
-
Size
95KB
-
MD5
edc8c4834d73ffd820e9ef6fb7dffcbb
-
SHA1
40b96d9c6884cbc72af79d6ed29b0a66ceabeeb3
-
SHA256
a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8
-
SHA512
c365eebc8fed51697f6863725a82b49d900201f86d59eefd163e79f837436548ceb69bf0f60d1c636589f33c9373492b8dfe8a21b17ede5bd554317e2ec60e22
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2m3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdAY
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
cheat
C2
161.129.65.145:4483
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8.exe"C:\Users\Admin\AppData\Local\Temp\a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2416-0-0x0000000073EBE000-0x0000000073EBF000-memory.dmpFilesize
4KB
-
memory/2416-1-0x00000000010E0000-0x00000000010FE000-memory.dmpFilesize
120KB
-
memory/2416-2-0x0000000073EB0000-0x000000007459E000-memory.dmpFilesize
6.9MB
-
memory/2416-3-0x0000000073EBE000-0x0000000073EBF000-memory.dmpFilesize
4KB
-
memory/2416-4-0x0000000073EB0000-0x000000007459E000-memory.dmpFilesize
6.9MB