Overview

overview

10

Static

static

10

build.exe

windows10-2004-x64

10

build.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    268s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build.exe

  • Size

    95KB

  • MD5

    760bf600ba8eaa08aebfc21f11e84687

  • SHA1

    7eb7eb90e2fe67d408c3c93a1881aa35e3c02438

  • SHA256

    1d954ce7e83b5ca61bbc81818496749803030ba3c352c0aaac2e4e573fd01493

  • SHA512

    4a1d1edea5590260d0c57268399c2dceaf07e6f5ffe82d24ff8095678c4d52513387f851cd8c1335bccf94b4586de7fb54450d7a3ada2bd5c44b3da66830b777

  • SSDEEP

    1536:iqseNqBUlbG6jejoigIk43Ywzi0Zb78ivombfexv0ujXyyed2Y3tmulgS6p4:AOCMYk+zi0ZbYe1g0ujyzdq4

Score
10/10
redlinesectopratcheatdiscoveryinfostealerratspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

memory-intended.gl.at.ply.gg:51752

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\build.exe
    "C:\Users\Admin\AppData\Local\Temp\build.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4424-0-0x0000000074A0E000-0x0000000074A0F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4424-1-0x0000000000DE0000-0x0000000000DFE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4424-2-0x0000000005D30000-0x0000000006348000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/4424-3-0x00000000057B0000-0x00000000057C2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4424-4-0x0000000005810000-0x000000000584C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/4424-5-0x0000000005850000-0x000000000589C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/4424-6-0x0000000074A00000-0x00000000751B0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/4424-7-0x0000000005AB0000-0x0000000005BBA000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4424-8-0x0000000006D90000-0x0000000006F52000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/4424-9-0x0000000007490000-0x00000000079BC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/4424-10-0x0000000006D20000-0x0000000006D86000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4424-11-0x0000000007140000-0x00000000071D2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4424-12-0x00000000071E0000-0x0000000007256000-memory.dmp
    Filesize

    472KB

    Download
  • memory/4424-13-0x0000000007F70000-0x0000000008514000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4424-14-0x0000000007360000-0x000000000737E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4424-34-0x0000000074A00000-0x00000000751B0000-memory.dmp
    Filesize

    7.7MB

    Download