cad0e84b5c7a0aa2f60edecd9edd8a0db0fcdf439de63db7f1a4a06f3ebcf09e

Resubmissions

31-03-2023 23:15

230331-28yt3sec63 6

31-03-2023 23:09

230331-25cgnsec34 6

Sharing

Copy URL

Twitter E-mail

General

Target

IGG-REDCON.v1.3.0.rar
Size

33.2MB
Sample

230331-25cgnsec34
MD5

747e51948629d288108d229483196f3b
SHA1

0d640cbe55d9ba243e42b3115656a2ce225c62f6
SHA256

cad0e84b5c7a0aa2f60edecd9edd8a0db0fcdf439de63db7f1a4a06f3ebcf09e
SHA512

388b41c10b18695f3927b3a08e1334ddc2758b45541d628cc99af5df4937e485a85a99137bdd3b52b0898450ec84822dab95db101353ddad08e5e487d606ae45
SSDEEP

393216:eXZZYZMNuEJE7Yov7JyQZkDotm+xRtjlXkptqkF/uY8GLgFnvG4eHkZG0OzT4Vgw:eXy0Sj7J10otm+DnNk5BYeWGlzT4GGH

Score

6^/10

Malware Config

Targets

- Target
  
  IGG-REDCON.v1.3.0/CrashRpt1402.dll
- Size
  
  149KB
- MD5
  
  cb8615fdc88807fa810f0dd037e70326
- SHA1
  
  179acc4ffc4baca4860e2365074839cb6785f1d2
- SHA256
  
  1342ac88b306ab4b4c269fcaa2434449a0932ac5b8805666751d4fdee26fd32b
- SHA512
  
  31e1dfb0272e41737f1deea57e2775541ded1326a8c65a8dcd132281180de36741b5976a311eb0e0d25fda76ec32a63ce3e4d94eca1c3b04d564db5dcbe5fa09
- SSDEEP
  
  3072:wCYt1vpEjwxfDE0uPWR8BZCxR3lI230OiqPrxIqGYG:kt1vKjw1g0ueNH9JIqc
Score

1^/10
behavioral1 behavioral2
- Target
  
  IGG-REDCON.v1.3.0/CrashSender1402.exe
- Size
  
  948KB
- MD5
  
  a0cb5a09f0a613cd95584661bc4ef4f4
- SHA1
  
  8eb13e3c346fc895a4b52cc18d1b26a6bf4ca7e6
- SHA256
  
  663f3d4026b1f1b9887f999ba0127d599f22cbd2f55ef3161e129798ebf434fb
- SHA512
  
  8077779316a718dfce3af8c976577349db1107782ab233fbc40a44dd1ff1183c9516054ec02116e1f1bcef4b775100246125d0adb25a85e7142d9c06b1c7bcf6
- SSDEEP
  
  24576:LM8qwQMm1dbeWBs+MQOaK4lxmMSlNS0vDAz/NwJNauWTvNRQ:LM8w15Bs+MQOMlgSuDy/NynWTQ
Score

1^/10
behavioral3 behavioral4
- Target
  
  IGG-REDCON.v1.3.0/GAMESTORRENT.CO.url
- Size
  
  196B
- MD5
  
  22418db266e93f3d2325a86817a6fc09
- SHA1
  
  56fad950b78092feccde4d2d8eeed9eca7eaafca
- SHA256
  
  05658194e8de811116b86d073fbf95d0831f8a05b26e97908a44cad5cd8470af
- SHA512
  
  9bbe646d3254d769df6e53e884a0a717c8ea68e2b47ff647aa4382f66c597b22f950c1a7d2be9a2a0720506c7964eb4912f22a7c1e02ae6a48bdc13756195a33
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  IGG-REDCON.v1.3.0/IGG-GAMES.COM.url
- Size
  
  198B
- MD5
  
  e4aeaaca90fce67661f114822a05821c
- SHA1
  
  383566802ada60fa79899fafd8965787165cc9a3
- SHA256
  
  6626bfe6c288b998647273217e711fc913371597756601d88b4352a57215d591
- SHA512
  
  6c53520d70d03ef00526648fd282b83b4faa21d8784aa848682fc023df0173142403723c2e932590d53cb1ff5439b63cc20cc640333c0e646952855436c7282c
Score

4^/10
behavioral7 behavioral8
- Target
  
  IGG-REDCON.v1.3.0/LAUNCHER.exe
- Size
  
  227KB
- MD5
  
  2f4a7fff291d215c42782b66dbbdc28f
- SHA1
  
  ac6ffdf41e531308358ff621422df2e879c4ae55
- SHA256
  
  81670b11a1848fdfa52c3dc72d0c80086ab94a52386498f9014fc7010bd69d2f
- SHA512
  
  0425cfdbc3ddf53cebfc8983980f909161ee9ddb64131e9cb75f7a096fedeca2714cef3ada8d76e6c6e8fa1a9a79868fec6af53f15b7d9296ff51ff6d0a4f8b6
- SSDEEP
  
  3072:MGtleufyNONL4MdzNOY4jb1pQFhHKPtOHO6VrVPoVJtCbhVPoVJtCbFyf:DtleuqKEYUYQyHHKPtOHRWehWeQ
Score

6^/10

bootkit persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral9
- Target
  
  IGG-REDCON.v1.3.0/Redcon.exe
- Size
  
  2.2MB
- MD5
  
  3255904825d37102a27f6d7566fad79e
- SHA1
  
  40e1ec3f9bcbd7f9d73b98d5ba3d802895b149f7
- SHA256
  
  f757ef46cc316197f0339ac819af978940ca1ec7d556a03d572a5afb127bf0de
- SHA512
  
  dadf74893f113e9a091eb0cb326a2a03a5f22fdba053c81ba902922613073887e7392e94ec223acb62d0fd9dbe0397b82e1b692b7b7352c06df76a9ab252be1d
- SSDEEP
  
  49152:mi3Ls3xd8aYt+aJJ7zK+os/ZpFz6jWRSZP9mrTeHjHPp6qai6O:mdh3Yt+aLD/ZpFz6ZZP
Score

1^/10
behavioral11 behavioral12
- Target
  
  IGG-REDCON.v1.3.0/SmartSteamEmu.dll
- Size
  
  4.8MB
- MD5
  
  ea60af14fd983c6ed4c410ef1c4895a4
- SHA1
  
  cfca46eacb8cdc23634ffd47488cc0bf81ffdd6d
- SHA256
  
  57d75a31a2e70b55122427a2ccfb5c23d69e2cc239447924f0a245faf0db0020
- SHA512
  
  373992e51d959ac3c19b8b2956513024705b672b41765f1888f874662fd25c9ac8f57326e5d6d0f64affb3f7cc212cc4ea83984bf02603a1508c72c7e666eea6
- SSDEEP
  
  98304:cbvdZ9l4aC03V5jXc7dus/ik7BjTT8qE:CjxC0sduOMq
Score

1^/10
behavioral13 behavioral14
- Target
  
  IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/SSEFirewall.dll
- Size
  
  16KB
- MD5
  
  d51335bfb0a6ae5cdff188f221dec879
- SHA1
  
  655c26e2252cb37691497b2100c3b1222ee4eb15
- SHA256
  
  0c96d0803d8a6591c625221f83b444fc78cb2bdf7910e5d5401b10733abd2df3
- SHA512
  
  a5204f528ac581ddd41101e97cb9fa03a370fca763abf262ec4cb7bce4e057ccfd368f427ae63fc6de535fbb0235517832538c450b6486f3da3e9f89e6a79926
- SSDEEP
  
  384:VYAxm+gWN5bCpg+NQiKTiZCWdDMj+kZOZKPVI3:eKgWN9ObhZCWdDMjLOZKdI3
Score

3^/10
behavioral15 behavioral16
- Target
  
  IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/SSEFirewall64.dll
- Size
  
  20KB
- MD5
  
  f5753caf0fdf0aaaff4dd542d2eaf441
- SHA1
  
  9af901c309fd5e2d1c263597ed13b5ca71826390
- SHA256
  
  5ad094eededaee23d57b9248c74116e94032c83053bb2e042e4624bfcd5a0490
- SHA512
  
  9efe0ac8d7a4dc5f01d3d32ba3729ee1fd44b8e33892377fd893ea7eacf09d2cf70c215a9a2c913e69e07838fc9c9f4fb31f5a47b67341c302c3b306e9802e1e
- SSDEEP
  
  384:crMgaY2ey+sW5K0i00k72NoXPeW+F4MGTCxDJAzm6Olxcat:eMZY2d+D5A7k72SXPB44MGTCzAz5Olya
Score

3^/10
behavioral17 behavioral18
- Target
  
  IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/x64/SSEOverlay.dll
- Size
  
  1.0MB
- MD5
  
  f692c2e75e3ac554ad9e4220162839e5
- SHA1
  
  a6b62d81d058efb3ae53a9af6a1660808bcb7a53
- SHA256
  
  1b5221eb9da31d469ffa482b46a6b3416348a28e2f52a84d5d314ce5c94f3603
- SHA512
  
  9638ac19a0f8894644f6129b65e29bf1287b3d5a78830fe2d00a6ca6c1bdfe6fed63f2b4d9ee6c3a42b86af7c7d22fa9ba670e7690656f7ea1cc6810923f56a8
- SSDEEP
  
  12288:J+IGK5TTI3XRqVDbQ4vbV4SAP4fZ9L4KcdD+6+UgggBy8pHU7YjBF6w6MihvTZaq:J+IXI3XRmDbpyuUcwMKtaxGDeRK3
Score

3^/10
behavioral19 behavioral20
- Target
  
  IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/x86/SSEOverlay.dll
- Size
  
  850KB
- MD5
  
  1052fc288b2b7afa3bccefcc925de8ae
- SHA1
  
  e9b1e32774d0920057c29e9be530346ce382b83d
- SHA256
  
  2093ac632a1474ecd89ae6e615892bf7f0dc5547aea73391ba7b89c023cf56da
- SHA512
  
  0b47f8164693a173fc54c99df97f233f2cf0815c92fb6f930298d963647030322d3a84cb166395e6e06926dee0b982830779b1eee06e2f049c06ec9012e7b9f1
- SSDEEP
  
  24576:ZO8M20nkaZfwn+f4ezu8yWKuIoWrYg3v4I:ZV0nd2Mu8tcLf
Score

3^/10
behavioral21 behavioral22
- Target
  
  IGG-REDCON.v1.3.0/SmartSteamEmu64.dll
- Size
  
  6.1MB
- MD5
  
  04a0ff25eab839c4272a508e1dcb28d1
- SHA1
  
  1e47389e33ed70db79973d976305421a6c83d414
- SHA256
  
  37b19395f2ddf9414d053aa6db765142ca06a7f05e847e342fdb5d7ebf56cba7
- SHA512
  
  80df5138c3f84750becaab9a7558314e3053ff97368f91eb8cd91a77e8b528e1bf0dc120f92dac1372d67b8dcee3a2ca325fe741aaa2a98d9aed085a9e0fa55a
- SSDEEP
  
  49152:Hf5dPmWeIdxYOJjt98NMMSbZEE0ROeY+1s6LR9IuJPxI9tdUvS2Bb1ptKK0Qupk:HfVbsNGZEEk1lJPjptKK0DKAd
Score

1^/10
behavioral23 behavioral24
- Target
  
  IGG-REDCON.v1.3.0/dbghelp.dll
- Size
  
  1.0MB
- MD5
  
  5c5e3afd499e5146fef1da5ef8a23205
- SHA1
  
  8245691416e509a3a1bd8e321aa6d2ff1925a224
- SHA256
  
  9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd
- SHA512
  
  595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc
- SSDEEP
  
  24576:MA/j0DVD9vQYvfPlhPbZA28wtdzswxeqWiZUC82OLmoQKXIzrWNz:iVDZQYvfPlhPbZ97tdKeUC/OLmoQs
Score

1^/10
behavioral25 behavioral26
- Target
  
  IGG-REDCON.v1.3.0/msvcp110.dll
- Size
  
  522KB
- MD5
  
  3e29914113ec4b968ba5eb1f6d194a0a
- SHA1
  
  557b67e372e85eb39989cb53cffd3ef1adabb9fe
- SHA256
  
  c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
- SHA512
  
  75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43
- SSDEEP
  
  12288:FqULIc5nb9rywgfyhUgiW6QR7t5sA3Ooc8sHkC2eRxUH:PLHnhryLfBA3Ooc8sHkC2eRxUH
Score

3^/10
behavioral27 behavioral28
- Target
  
  IGG-REDCON.v1.3.0/msvcr110.dll
- Size
  
  854KB
- MD5
  
  4ba25d2cbe1587a841dcfb8c8c4a6ea6
- SHA1
  
  52693d4b5e0b55a929099b680348c3932f2c3c62
- SHA256
  
  b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
- SHA512
  
  82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6
- SSDEEP
  
  12288:TmCyHcMpK7QdgD+9Tr8r3FmJciMgLFWkA8qTWu+FVlofpJCjNdr12iqwZeq:TmCyHNIQdTryVmCipIkqTWu+Fr
Score

3^/10
behavioral29 behavioral30

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Looks up external IP address via web service

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30