Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
11-11-2024 06:49
Behavioral task
behavioral1
Sample
Netflix CheckerV12.9.exe
Resource
win7-20241010-en
General
-
Target
Netflix CheckerV12.9.exe
-
Size
95KB
-
MD5
42fe72738e1370f5bbaeb3db4f876355
-
SHA1
6f6f1e41876a3173784b2a86963d3edb5a3759bc
-
SHA256
be21f545f9fe4431d9a3c1369dba40ec4cd395106caef6c51c7ce04e6f44419d
-
SHA512
24c4198b87051c08fbf91affa4a227ce9ad3a854a271c35b414569cf5a44c03f06c7ed172fc23a60d28e7096641c6b866167405961c91d5cd3d4b117723b2766
-
SSDEEP
1536:Fqsgaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2J3teulgS6pQl:DfZeYP+zi0ZbYe1g0ujyzdxQ
Malware Config
Extracted
redline
cheat
2.tcp.eu.ngrok.io:10642
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/576-1-0x0000000000FF0000-0x000000000100E000-memory.dmp family_redline -
Redline family
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/576-1-0x0000000000FF0000-0x000000000100E000-memory.dmp family_sectoprat -
Sectoprat family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
Netflix CheckerV12.9.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netflix CheckerV12.9.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Netflix CheckerV12.9.exedescription pid process Token: SeDebugPrivilege 576 Netflix CheckerV12.9.exe