Analysis
-
max time kernel
142s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09-11-2024 06:44
Behavioral task
behavioral1
Sample
build.exe
Resource
win7-20240729-en
General
-
Target
build.exe
-
Size
95KB
-
MD5
4fc7b065cb4c278d320f5b7d4eed60ae
-
SHA1
301a30fe5e355dc1196bef16165a0fee809d1122
-
SHA256
6db259d45bbd76c7ced06f0eede1f015b2d7357d39252e48e13345d70ed02bf8
-
SHA512
201cd36cd8a2472ac1ae8be9b06adfc143c0c74200cca2d6b02eb4bc606d88838a32d65d021d9e45e263738c0c9c4c13ebc9aa7c11e07e6dd3403347de67e1aa
-
SSDEEP
1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2d3tmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdp8
Malware Config
Extracted
redline
cheat
0.tcp.ngrok.io:10680
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/1592-1-0x0000000000DD0000-0x0000000000DEE000-memory.dmp family_redline -
Redline family
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/1592-1-0x0000000000DD0000-0x0000000000DEE000-memory.dmp family_sectoprat -
Sectoprat family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
build.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language build.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
build.exedescription pid Process Token: SeDebugPrivilege 1592 build.exe