Analysis
-
max time kernel
1563s -
max time network
1564s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
01-12-2024 04:00
General
-
Target
Redlinestealer2020-main/OpenPort.bat
-
Size
94B
-
MD5
cf1cc90281e28cee22dce7ed013c2678
-
SHA1
2f213a71b76db3e51ad2d659f84dc1f3f90725fb
-
SHA256
84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef
-
SHA512
2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Redlinestealer2020-main\OpenPort.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="RLS" dir=in action=allow protocol=TCP localport=66772⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-