Overview

overview

10

Static

static

3

ab700abfc6...8b.exe

windows7-x64

10

ab700abfc6...8b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-11-2024 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab700abfc6602fe946fa023b51b2e05fca6b4aafe2e5ea722cfa9acfdc03618b.exe

  • Size

    287KB

  • MD5

    70b86808e60c67ee884238c4aed1a791

  • SHA1

    e6197f4e17ece4116d8e3379926818ad2bbee4ad

  • SHA256

    ab700abfc6602fe946fa023b51b2e05fca6b4aafe2e5ea722cfa9acfdc03618b

  • SHA512

    95645b896dae2a78a2bf77283745e9a5741f60b7f9cab93c500f4fb76de0912c7d956e7f714d2fd5cff107dad6b964f13bb6ffe65f1c6e8967a1e515ac58b2b7

  • SSDEEP

    6144:3pLF667ZwffB1lPg1IJ1/vBfvnT/jtLy77rRgJ+ojTwa/RxJg:3pRqfp1d7f/pfvTbYRQ+EY

Score
10/10
redlinesectopratsewpalpadindiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Redline family
    redline
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs
  • Sectoprat family
    sectoprat
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab700abfc6602fe946fa023b51b2e05fca6b4aafe2e5ea722cfa9acfdc03618b.exe
    "C:\Users\Admin\AppData\Local\Temp\ab700abfc6602fe946fa023b51b2e05fca6b4aafe2e5ea722cfa9acfdc03618b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2980-1-0x00000000030E0000-0x00000000031E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2980-2-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2980-4-0x0000000000400000-0x0000000002C7F000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/2980-3-0x0000000002E50000-0x0000000002E70000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2980-5-0x0000000000400000-0x0000000002C7F000-memory.dmp

    Filesize

    40.5MB

    Download

  • memory/2980-6-0x00000000030C0000-0x00000000030DE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2980-7-0x00000000030E0000-0x00000000031E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2980-8-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download