redline | 8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f

Analysis

max time kernel
131s
max time network
140s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 10:59

Target

8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe
Size

95KB
MD5

0e4b0dd3ee5d91b69296e3887bde2d2d
SHA1

a040a44b9bb38de4b7399ae8856557e818aa68db
SHA256

8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f
SHA512

499b22959ca1e170b2d45878e85b0c6265af390b297176503ab7cebf4b06d7137f98a3fc029be21d402d8e6959d98f90cbb36a77c42140ac91bfc592248c7266
SSDEEP

1536:5qsIbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2JtmulgS6p8l:XywiYj+zi0ZbYe1g0ujyzdp8

Score

10^/10

Family

redline

Botnet

french

91.92.243.245:47477

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2372-1-0x0000000000D70000-0x0000000000D8E000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2372-1-0x0000000000D70000-0x0000000000D8E000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe

description pid process

Token: SeDebugPrivilege 2372 8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe

description	pid	process
Token: SeDebugPrivilege	2372	8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe

C:\Users\Admin\AppData\Local\Temp\8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe
"C:\Users\Admin\AppData\Local\Temp\8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2372

memory/2372-2-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download
memory/2372-1-0x0000000000D70000-0x0000000000D8E000-memory.dmp

Filesize
120KB

Download
memory/2372-0-0x0000000074A5E000-0x0000000074A5F000-memory.dmp

Filesize
4KB

Download
memory/2372-3-0x0000000074A5E000-0x0000000074A5F000-memory.dmp

Filesize
4KB

Download
memory/2372-4-0x0000000074A50000-0x000000007513E000-memory.dmp

Filesize
6.9MB

Download