Analysis
-
max time kernel
130s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
23-10-2024 07:31
Behavioral task
behavioral1
Sample
26ab43d45d842d638fa8001df1c9fb6b.exe
Resource
win7-20240903-en
General
-
Target
26ab43d45d842d638fa8001df1c9fb6b.exe
-
Size
95KB
-
MD5
26ab43d45d842d638fa8001df1c9fb6b
-
SHA1
d71abe7b5180c4f2d31cd169ddf7fbf9e42fd410
-
SHA256
8796a221328335cc0c97d7c5a73194f37b5259e5ee9479d72814fe9189267570
-
SHA512
0635c5d0ffaacb705a28a85dd5058fa72a561efa7f266882bd8e55260330dc26110e7b59d5f93580d3f34357eed08af007f730e1366b7eceb0d7783cc90552af
-
SSDEEP
1536:9HqsUEq76ElbG6jejoigIY43Ywzi0Zb78ivombfexv0ujXyyed2DtmulgS6pM:91p+68YY+zi0ZbYe1g0ujyzdLM
Malware Config
Extracted
redline
DataBase
bestmetrys.zapto.org:1019
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2320-1-0x00000000001B0000-0x00000000001CE000-memory.dmp family_redline -
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2320-1-0x00000000001B0000-0x00000000001CE000-memory.dmp family_sectoprat -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
26ab43d45d842d638fa8001df1c9fb6b.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 26ab43d45d842d638fa8001df1c9fb6b.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
26ab43d45d842d638fa8001df1c9fb6b.exedescription pid Process Token: SeDebugPrivilege 2320 26ab43d45d842d638fa8001df1c9fb6b.exe