Overview

overview

10

Static

static

10

build.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    64s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-05-2023 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build.exe

  • Size

    96KB

  • MD5

    d9275fd8fc75a6a054f4d08530fc3733

  • SHA1

    df0bdb0acc20f00124988d91700362b2124e6b9c

  • SHA256

    8bce72b8782d4203904947d3cc5b21ae54afb5c8fe11bf6c349bdd424cbcfe30

  • SHA512

    315b04bbb26f0403da9a62064fa677f82bd75588f895a81f6f5c20a9313c9f381b9166b32508044406220b73b4082b5fcc3b421fed2289429bbdbd5e3941e830

  • SSDEEP

    1536:h907hp8TYlbG6jejoigICyYLB3UicrMFW08UAiqumbfcxv0ujXyyed1Q3tmulgSq:kTi4YCciRWjUA57C0ujyzdLn

Score
10/10
redlinesectopratinfostealerrattrojan

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\build.exe
    "C:\Users\Admin\AppData\Local\Temp\build.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4124-133-0x0000000000340000-0x000000000035E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4124-134-0x00000000052D0000-0x00000000058E8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4124-135-0x0000000004B90000-0x0000000004BA2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4124-136-0x0000000004BF0000-0x0000000004C2C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4124-137-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4124-138-0x0000000004EA0000-0x0000000004FAA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4124-139-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

    Filesize

    64KB

    Download