Analysis
-
max time kernel
147s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
11-11-2024 06:07
Behavioral task
behavioral1
Sample
7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e.exe
Resource
win7-20241010-en
General
-
Target
7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e.exe
-
Size
95KB
-
MD5
56d90acb239e74eb1c382ebb8331d636
-
SHA1
7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e
-
SHA256
7b9f655e252c40c7d4dbc001536f534c254cb6efe16193f36d78114722239980
-
SHA512
25a88a4ee917c8fe2f91eb089c2e8248a9e3668fa62533e200cc5bc2290be9be7a0789c601b3ab4453b03c63cdb13f24ce9de04ac35c20788bf10ab230811c17
-
SSDEEP
1536:Vqsm5qeUlbG6jejoigI843Ywzi0Zb78ivombfexv0ujXyyed2Z3tmulgS6pA:TKlMY8+zi0ZbYe1g0ujyzddA
Malware Config
Extracted
redline
cheat
workstation2022.ddns.net:62099
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2236-1-0x0000000000BB0000-0x0000000000BCE000-memory.dmp family_redline -
Redline family
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2236-1-0x0000000000BB0000-0x0000000000BCE000-memory.dmp family_sectoprat -
Sectoprat family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e.exedescription pid Process Token: SeDebugPrivilege 2236 7dd686dfa515d83e0e62fa4cbe91b8c1d8b7104e.exe