Overview

overview

10

Static

static

10

buildrobert.exe

windows7-x64

10

buildrobert.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2023, 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    buildrobert.exe

  • Size

    95KB

  • MD5

    0d513ebe640b1c1ed0181a95ec244293

  • SHA1

    a89b12f9ab27cce0776aa4f5257ede3a30da23d3

  • SHA256

    2510c6b6dfb999750d61ce39828c59d2cf8b43917b179e0d65ea70d087ed0a37

  • SHA512

    b4fefcf03f80d17c478a7d278360f2155be6a80f79de03077b6a2bb5d53eedf1545e6ad5caa5369a616ce86b9e310fa5efc1e5b2b5ddd4ea9753d3b958dc5892

  • SSDEEP

    1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2K3tmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdI8

Score
10/10
redlinesectopratcheatinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

15.228.188.221:29991

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\buildrobert.exe
    "C:\Users\Admin\AppData\Local\Temp\buildrobert.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1936-0-0x0000000000270000-0x000000000028E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1936-1-0x0000000075070000-0x0000000075820000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1936-2-0x0000000005320000-0x0000000005938000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1936-3-0x0000000004BF0000-0x0000000004C02000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1936-4-0x0000000004C50000-0x0000000004C8C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1936-5-0x0000000004CF0000-0x0000000004D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1936-6-0x0000000004F00000-0x000000000500A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1936-7-0x0000000075070000-0x0000000075820000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1936-8-0x0000000004CF0000-0x0000000004D00000-memory.dmp

    Filesize

    64KB

    Download