General
-
Target
afda14bb01d49f990c630fb905ad10f0.exe
-
Size
95KB
-
Sample
230228-pdcbdabc52
-
MD5
afda14bb01d49f990c630fb905ad10f0
-
SHA1
26e373fec80fe8a05292bd47151d6d80b732eda0
-
SHA256
1cc7c37baa9861920ab2fc557e126a9f4ec10ff5ee23578c9f0857c4e7108a87
-
SHA512
c929fe9e5e7edf3a9742a0c5455d7c91f4712498f760dd2ffeccb66bba63f5c73443f8893ee0f584610c8869447d12e6b38ed742cea3766c7ef91d0ced3b6e53
-
SSDEEP
1536:9qs+XqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed23tmulgS6pY:r0gzWHY3+zi0ZbYe1g0ujyzdvY
Malware Config
Extracted
redline
test1
20.226.37.161:6748
Targets
-
-
Target
afda14bb01d49f990c630fb905ad10f0.exe
-
Size
95KB
-
MD5
afda14bb01d49f990c630fb905ad10f0
-
SHA1
26e373fec80fe8a05292bd47151d6d80b732eda0
-
SHA256
1cc7c37baa9861920ab2fc557e126a9f4ec10ff5ee23578c9f0857c4e7108a87
-
SHA512
c929fe9e5e7edf3a9742a0c5455d7c91f4712498f760dd2ffeccb66bba63f5c73443f8893ee0f584610c8869447d12e6b38ed742cea3766c7ef91d0ced3b6e53
-
SSDEEP
1536:9qs+XqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed23tmulgS6pY:r0gzWHY3+zi0ZbYe1g0ujyzdvY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-