Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    206KB

  • Sample

    230307-pxkrvshd6x

  • MD5

    307ce80121e9db63857ffbcc6e6f413e

  • SHA1

    9721de97ac9d1ff4b6224fff96700acdc2a51984

  • SHA256

    70b1cf50a59c123dacf50e8f9356e0b65c850e05aa2511bb8d5556b87ce12f8e

  • SHA512

    fc3ec1a3c8acf148051d74bec02caf5ffdd7428d271ce7f56eed8a2b78ef7014c69300d1c704861370b255e361b35daade8fb3da0dcd914d462311e5ce171961

  • SSDEEP

    6144:PYa6O699YTGIehAlmP4+LOmt4qTGu9E2kw3mP:PYA6OpeK+LO2TT/91k/P

Score
10/10
redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

193.47.61.37:38369

Targets

    • Target

      file

    • Size

      206KB

    • MD5

      307ce80121e9db63857ffbcc6e6f413e

    • SHA1

      9721de97ac9d1ff4b6224fff96700acdc2a51984

    • SHA256

      70b1cf50a59c123dacf50e8f9356e0b65c850e05aa2511bb8d5556b87ce12f8e

    • SHA512

      fc3ec1a3c8acf148051d74bec02caf5ffdd7428d271ce7f56eed8a2b78ef7014c69300d1c704861370b255e361b35daade8fb3da0dcd914d462311e5ce171961

    • SSDEEP

      6144:PYa6O699YTGIehAlmP4+LOmt4qTGu9E2kw3mP:PYA6OpeK+LO2TT/91k/P

    Score
    10/10
    redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks