Overview

overview

6

Static

static

1

IGG-REDCON...02.dll

windows7-x64

1

IGG-REDCON...02.dll

windows10-2004-x64

1

IGG-REDCON...02.exe

windows7-x64

1

IGG-REDCON...02.exe

windows10-2004-x64

1

IGG-REDCON...CO.url

windows7-x64

6

IGG-REDCON...CO.url

windows10-2004-x64

3

IGG-REDCON...OM.url

windows7-x64

1

IGG-REDCON...OM.url

windows10-2004-x64

4

IGG-REDCON...ER.exe

windows7-x64

6

IGG-REDCON...ER.exe

windows10-2004-x64

6

IGG-REDCON...on.exe

windows7-x64

1

IGG-REDCON...on.exe

windows10-2004-x64

1

IGG-REDCON...mu.dll

windows7-x64

1

IGG-REDCON...mu.dll

windows10-2004-x64

1

IGG-REDCON...ll.dll

windows7-x64

3

IGG-REDCON...ll.dll

windows10-2004-x64

3

IGG-REDCON...64.dll

windows7-x64

3

IGG-REDCON...64.dll

windows10-2004-x64

3

IGG-REDCON...ay.dll

windows7-x64

1

IGG-REDCON...ay.dll

windows10-2004-x64

3

IGG-REDCON...ay.dll

windows7-x64

1

IGG-REDCON...ay.dll

windows10-2004-x64

3

IGG-REDCON...64.dll

windows7-x64

1

IGG-REDCON...64.dll

windows10-2004-x64

1

IGG-REDCON...lp.dll

windows7-x64

1

IGG-REDCON...lp.dll

windows10-2004-x64

1

IGG-REDCON...10.dll

windows7-x64

3

IGG-REDCON...10.dll

windows10-2004-x64

3

IGG-REDCON...10.dll

windows7-x64

3

IGG-REDCON...10.dll

windows10-2004-x64

3

Resubmissions

31-03-2023 23:15

230331-28yt3sec63 6

31-03-2023 23:09

230331-25cgnsec34 6

Analysis

  • max time kernel
    58s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31-03-2023 23:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IGG-REDCON.v1.3.0/LAUNCHER.exe

  • Size

    227KB

  • MD5

    2f4a7fff291d215c42782b66dbbdc28f

  • SHA1

    ac6ffdf41e531308358ff621422df2e879c4ae55

  • SHA256

    81670b11a1848fdfa52c3dc72d0c80086ab94a52386498f9014fc7010bd69d2f

  • SHA512

    0425cfdbc3ddf53cebfc8983980f909161ee9ddb64131e9cb75f7a096fedeca2714cef3ada8d76e6c6e8fa1a9a79868fec6af53f15b7d9296ff51ff6d0a4f8b6

  • SSDEEP

    3072:MGtleufyNONL4MdzNOY4jb1pQFhHKPtOHO6VrVPoVJtCbhVPoVJtCbFyf:DtleuqKEYUYQyHHKPtOHRWehWeQ

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\LAUNCHER.exe
    "C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\LAUNCHER.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\Redcon.exe
      "C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\Redcon.exe"
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\SmartSteamEmu.dll",InitSSE
        3⤵
        • Writes to the Master Boot Record (MBR)
        • Suspicious behavior: EnumeratesProcesses
        PID:364
      • C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\CrashSender1402.exe
        "C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\CrashSender1402.exe" "e59ff213-76f6-43f3-a11d-c241480265ca"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1644
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x578
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1616

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\SmartSteamEmu\Plugins\SSEOverlay.ini
    Filesize

    34B

    MD5

    480005b54033d978380bff940142462d

    SHA1

    e84e358f9c806852d2c3a54f98a85c35754c21e9

    SHA256

    546bde00c0b7a1df06d6dc2d2e47c32a2bcc7df94b0025685b71e321acf07f0d

    SHA512

    a517dcf5958ae24c2c1dcd89a7a5383673df68767932aba64348ad619b060eac12973054811534dc9963c89f553f2d366a212f35548b05503a936208f1badc61

    Download Submit
  • memory/364-66-0x00000000001A0000-0x00000000001B0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1644-69-0x0000000000210000-0x0000000000211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1816-54-0x00000000000C0000-0x00000000000D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1816-56-0x0000000000230000-0x0000000000240000-memory.dmp
    Filesize

    64KB

    Download