redline | 4b39395783ee4f8ab3197c93738788d8f6b375bbe57a2f2337e5ba122bcd4fa8

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 19:43

Target

qcxtqseqebql.exe
Size

906KB
MD5

5be2d003e408042bb49e562408a56b1a
SHA1

c38b4ce70381d017e19ca7cdae1595723dbca0d3
SHA256

4b39395783ee4f8ab3197c93738788d8f6b375bbe57a2f2337e5ba122bcd4fa8
SHA512

7dc6838bc8c015f430d691be3cc2aa8d2974ffb52c9ec00dbf36eb7633e343ce536606b075f4ac71e25b3e1c189fcf1c4ff3b90f609264d8b642aedfaf80a801
SSDEEP

12288:Whc5AL/ak6i64ikkc4AWpORikNoVqM3hgg9S6hz5AsG6o2Pxv:Wm4R6i6jTAWpNgcxNsoAbXuv

Score

10^/10

Family

redline

Botnet

cheat

154.81.220.233:28105

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3052-11-0x0000000002610000-0x000000000262E000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3052-11-0x0000000002610000-0x000000000262E000-memory.dmp	family_sectoprat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

qcxtqseqebql.exe

description pid process

Token: SeDebugPrivilege 3052 qcxtqseqebql.exe

description	pid	process
Token: SeDebugPrivilege	3052	qcxtqseqebql.exe

C:\Users\Admin\AppData\Local\Temp\qcxtqseqebql.exe
"C:\Users\Admin\AppData\Local\Temp\qcxtqseqebql.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3052

memory/3052-0-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/3052-3-0x00007FFAC2830000-0x00007FFAC2A25000-memory.dmp

Filesize
2.0MB

Download
memory/3052-9-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/3052-6-0x0000000000400000-0x00000000004FF000-memory.dmp

Filesize
1020KB

Download
memory/3052-10-0x00007FFAA3643000-0x00007FFAA3645000-memory.dmp

Filesize
8KB

Download
memory/3052-11-0x0000000002610000-0x000000000262E000-memory.dmp

Filesize
120KB

Download
memory/3052-12-0x0000000002630000-0x0000000002642000-memory.dmp

Filesize
72KB

Download
memory/3052-13-0x00007FFAA3640000-0x00007FFAA4101000-memory.dmp

Filesize
10.8MB

Download
memory/3052-15-0x00007FFAA3640000-0x00007FFAA4101000-memory.dmp

Filesize
10.8MB

Download
memory/3052-14-0x0000000002650000-0x000000000268C000-memory.dmp

Filesize
240KB

Download
memory/3052-16-0x00007FFAA3640000-0x00007FFAA4101000-memory.dmp

Filesize
10.8MB

Download
memory/3052-17-0x0000000000400000-0x00000000004FF000-memory.dmp

Filesize
1020KB

Download
memory/3052-19-0x00007FFAA3643000-0x00007FFAA3645000-memory.dmp

Filesize
8KB

Download
memory/3052-20-0x00007FFAA3640000-0x00007FFAA4101000-memory.dmp

Filesize
10.8MB

Download