Analysis
-
max time kernel
137s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
09-07-2024 19:24
General
-
Target
c6053f9bf5cfb19b282cd05bbb4c6d276b873ab2f02998e7ea0d9a4ed1fe820b.exe
-
Size
95KB
-
MD5
ca61dd43465317b733fd164e17a7dfdf
-
SHA1
e8177920109aa69b7942c7dcf0acebd06d44c958
-
SHA256
c6053f9bf5cfb19b282cd05bbb4c6d276b873ab2f02998e7ea0d9a4ed1fe820b
-
SHA512
17802e2b3181e7f84c3f757e53aeb64bfc58d92378825f034fc317c14036cda29072fabce8215db9605ef4c689a55bef8c99e17fa790af1dddc43d0f65619d53
-
SSDEEP
1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2ptmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdx8
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
halle
C2
194.55.186.180:55123
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c6053f9bf5cfb19b282cd05bbb4c6d276b873ab2f02998e7ea0d9a4ed1fe820b.exe"C:\Users\Admin\AppData\Local\Temp\c6053f9bf5cfb19b282cd05bbb4c6d276b873ab2f02998e7ea0d9a4ed1fe820b.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1420-0-0x0000000073FFE000-0x0000000073FFF000-memory.dmpFilesize
4KB
-
memory/1420-1-0x0000000000EB0000-0x0000000000ECE000-memory.dmpFilesize
120KB
-
memory/1420-2-0x0000000073FF0000-0x00000000746DE000-memory.dmpFilesize
6.9MB
-
memory/1420-3-0x0000000073FFE000-0x0000000073FFF000-memory.dmpFilesize
4KB
-
memory/1420-4-0x0000000073FF0000-0x00000000746DE000-memory.dmpFilesize
6.9MB