Overview

overview

10

Static

static

10

1f6c10027f...a8.exe

windows7-x64

10

1f6c10027f...a8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f6c10027fac3c9ddf65f8671d92a8a8.exe

  • Size

    222KB

  • Sample

    230323-3bzksacg9v

  • MD5

    1f6c10027fac3c9ddf65f8671d92a8a8

  • SHA1

    3edbfb47160f79999e2a60368489a0aa622de6bf

  • SHA256

    bc4e6fa560775c5cd628fda9b39df43db02310ad5b6ed8703fe8ac1d19884b94

  • SHA512

    75df1b88d08a190bb8dcc99752ae860e74a3cfad9f375de96a9e1da278f3843b544cd36025efd2719b64b0ee9488db1415044edc956ad787ac1ec10f559f2001

  • SSDEEP

    3072:XTuOYj+zi0ZbYe1g0ujyzd98xc4wK9axJJx80st2hRcLuPR1/WUz4:X6OYqG0LahyD+FE7s8p1Oh

Score
10/10
redlinesectopratmo2axyzdiscoveryinfostealerratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

Mo2aXYZ

C2

172.174.202.77:2341

Targets

    • Target

      1f6c10027fac3c9ddf65f8671d92a8a8.exe

    • Size

      222KB

    • MD5

      1f6c10027fac3c9ddf65f8671d92a8a8

    • SHA1

      3edbfb47160f79999e2a60368489a0aa622de6bf

    • SHA256

      bc4e6fa560775c5cd628fda9b39df43db02310ad5b6ed8703fe8ac1d19884b94

    • SHA512

      75df1b88d08a190bb8dcc99752ae860e74a3cfad9f375de96a9e1da278f3843b544cd36025efd2719b64b0ee9488db1415044edc956ad787ac1ec10f559f2001

    • SSDEEP

      3072:XTuOYj+zi0ZbYe1g0ujyzd98xc4wK9axJJx80st2hRcLuPR1/WUz4:X6OYqG0LahyD+FE7s8p1Oh

    Score
    10/10
    redlinesectopratmo2axyzdiscoveryinfostealerratspywarestealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks