Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 29-06-2024 18:36
Behavioral tasks
Task         Sample     Resource                Signatures  Duration
behavioral1  Build.exe  win7-20240220-en        3           150 seconds
behavioral2  Build.exe  win10v2004-20240611-en  5           150 seconds
General
Target: Build.exe
Size: 141KB
MD5: 19e47b9abf123f4502545a5fcb43c855
SHA1: c722baba8294f20abdb344b61d72d444a4171b62
SHA256: d3215483bba6219bb6587367aa3fa8c1737706497ed4befcb175649dc00e7be2
SHA512: 8c358748e913fdf227b58f6a46719fa7582295e30dcfe9b06fce624240d066f666d481d661ee42b106ff32e78877993d9680e921a9bc1fca4aa00269d2b09173
SSDEEP: 3072:FK1JZOpTvVQZ+rcIeRYs6YmszJqoD2X7BpGGoMTb3R35dINX9r59x4:kOpu0rjeRbVJqoDC1pGGoMTb3RDINN
Score: 10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload (1 IoC)
Resource: behavioral1/memory/2280-1-0x0000000000810000-0x000000000083A000-memory.dmp
YARA rule: family_redline
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
Description: Token: SeDebugPrivilege; PID: 2280; Process: Build.exe
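The signatures above reduce to three facts an analyst can check outside the sandbox: the sample's file hashes, a family_redline YARA hit on one memory region of PID 2280, and that same process enabling SeDebugPrivilege. The Python below is an added triage helper, not sandbox output or part of the report. It assumes the memory-dump artefact name follows the layout `<pid>-<index>-0x<start>-0x<end>-memory.dmp` read off the single name on the page, and the privilege-adjustment records it consumes are constructed here as simplified dicts modelled on Windows Security event 4703 ("a user right was adjusted"), with key names of the example's own choosing.

```python
"""Triage helpers for the report above. Added example, not sandbox output."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# File hashes copied from the General section of the report.
KNOWN_HASHES = {
    "md5": "19e47b9abf123f4502545a5fcb43c855",
    "sha1": "c722baba8294f20abdb344b61d72d444a4171b62",
    "sha256": "d3215483bba6219bb6587367aa3fa8c1737706497ed4befcb175649dc00e7be2",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists (SSDEEP needs a third-party library and is skipped)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def matches_known_sample(data: bytes, known: Dict[str, str] = KNOWN_HASHES) -> Dict[str, bool]:
    """Per-algorithm match against the report's hashes; all three should agree for a true match."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == known[algo].lower() for algo in known}


# Dump artefact name layout assumed from the one name on the page:
#   <pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(path: str) -> Dict[str, int]:
    """Recover PID, region bounds and region size from a memory-dump artefact name."""
    name = path.rsplit("/", 1)[-1]
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def debug_privilege_users(events: Iterable[Dict]) -> List[Tuple[int, str]]:
    """Return (pid, image) for records in which a process enabled SeDebugPrivilege.

    Records are simplified dicts modelled on Security event 4703; only the
    'enabled' list matters, a disable of the same right is not flagged.
    """
    hits: List[Tuple[int, str]] = []
    for ev in events:
        if ev.get("event_id") != 4703:
            continue
        if "SeDebugPrivilege" in ev.get("enabled_privileges", ()):
            hits.append((ev["pid"], ev["image"]))
    return hits


# Constructed records: the first mirrors the report's finding, the others are noise.
SAMPLE_EVENTS = [
    {"event_id": 4703, "pid": 2280, "image": r"C:\Users\Admin\Build.exe",
     "enabled_privileges": ["SeDebugPrivilege"], "disabled_privileges": []},
    {"event_id": 4703, "pid": 1234, "image": r"C:\Windows\System32\svchost.exe",
     "enabled_privileges": ["SeIncreaseQuotaPrivilege"], "disabled_privileges": []},
    {"event_id": 4688, "pid": 2280, "image": r"C:\Users\Admin\Build.exe"},
]

if __name__ == "__main__":
    region = parse_dump_name(
        "behavioral1/memory/2280-1-0x0000000000810000-0x000000000083A000-memory.dmp")
    print(f"YARA hit in PID {region['pid']} at "
          f"0x{region['start']:X}-0x{region['end']:X} ({region['size']} bytes)")
    print("SeDebugPrivilege enabled by:", debug_privilege_users(SAMPLE_EVENTS))
    print("constructed bytes match report hashes:",
          matches_known_sample(b"constructed stand-in, not the sample"))
```

The region parsed from the dump name spans 0x2A000 bytes (172032), somewhat larger than the 141KB file on disk, which is consistent with the YARA hit being on the mapped in-memory image of the process rather than the file; SSDEEP comparison is left to a dedicated library.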