General
Target: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.zip
Size: 5.2MB
Sample: 210406-llnnv2drne
MD5: 661ada13ea1098d7f10758cadffb53b9
SHA1: 6ffe294eb123181156070378e0c71532709fc44b
SHA256: 40a6e48902c5c94c8b48ee55bc3a1204a975de38b5a4d67bf12e407d71ad3e65
SHA512: 238e94bc44421acf79b46a2868a2d9014e5e8c70fe45e410c0260e46063d9053582d0d705e7cae0294cfc8be26732ac3b3290f96c59aa72690cd41a317ea9195
Static task: static1
Behavioral task: behavioral1
  Sample: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.exe
  Resource: win10v20201028
Behavioral task: behavioral2
  Sample: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.exe
  Resource: win10v20201028
Behavioral task: behavioral3
  Sample: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.exe
  Resource: win10v20201028
Behavioral task: behavioral4
  Sample: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.exe
  Resource: win10v20201028
Behavioral task: behavioral5
  Sample: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.exe
  Resource: win7v20201028
Malware Config
Extracted: azorult
  http://kvaka.li/1210776429.php
Extracted: raccoon
  154a0d85cf85cd8068dff18ef7c437721cdc0ffe
  url4cnc: https://telete.in/j9ca1pel
Extracted:
  http://labsclub.com/welcome
Extracted: metasploit
  windows/single_exec
Extracted: icedid
  3238222152
  sakiloirania.fun
Extracted: redline
  fullynew
  rlmushahel.xyz:80
Extracted: redline
  Kolokol
  pokacienon.xyz:80
Extracted: redline
  6allsupp
  jbeaef.ml:80
Extracted: dridex
  10111
  210.65.244.183:8443
  131.100.24.199:2303
Targets
Target: Steinberg.Cubase.Ai.5.5.1.2.serials.keygen.exe
Size: 5.3MB
MD5: 6261ff42492cc2ea66c5023ae7518083
SHA1: 74f643edc244d365c238bbf6fa8e107ac9294ae2
SHA256: c05884375f861cb07a96edb476e7e17779bd476d1c119a195a8ff6206a9c0923
SHA512: 8384f10cc6d12e07743a4460e4ebd3a178bc6f9d43002c8047cdae6e3e2a9254d7f1a674a0f84b12322879b9f57fd039d4ab20efa6efa7dfba8033d64e279ecd
Signatures
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- DcRat
  DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Glupteba Payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- IcedID First Stage Loader
- XMRig Miner Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Defense Evasion
  Modify Registry (4)
  Install Root Certificate (1)
  Hidden Files and Directories (1)