Analysis
-
max time kernel
131s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
13-07-2024 10:59
General
-
Target
8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe
-
Size
95KB
-
MD5
0e4b0dd3ee5d91b69296e3887bde2d2d
-
SHA1
a040a44b9bb38de4b7399ae8856557e818aa68db
-
SHA256
8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f
-
SHA512
499b22959ca1e170b2d45878e85b0c6265af390b297176503ab7cebf4b06d7137f98a3fc029be21d402d8e6959d98f90cbb36a77c42140ac91bfc592248c7266
-
SSDEEP
1536:5qsIbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2JtmulgS6p8l:XywiYj+zi0ZbYe1g0ujyzdp8
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
french
C2
91.92.243.245:47477
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe"C:\Users\Admin\AppData\Local\Temp\8042e30a34f07a606d6e8f3768f59d52133820a41794275481e3506b1e2d006f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2372-2-0x0000000074A50000-0x000000007513E000-memory.dmpFilesize
6.9MB
-
memory/2372-1-0x0000000000D70000-0x0000000000D8E000-memory.dmpFilesize
120KB
-
memory/2372-0-0x0000000074A5E000-0x0000000074A5F000-memory.dmpFilesize
4KB
-
memory/2372-3-0x0000000074A5E000-0x0000000074A5F000-memory.dmpFilesize
4KB
-
memory/2372-4-0x0000000074A50000-0x000000007513E000-memory.dmpFilesize
6.9MB