redline | 632d4d07cceaf22b425c7c3cb72ddfebafa5875df162fe973c6b3d9d0ed90946 | Triage

Submit
Reports

Overview

overview

Static

static

1964-55-0x...ry.exe

windows7-x64

1964-55-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

1964-55-0x0000000000250000-0x000000000026E000-memory.dmp
Size

120KB
Sample

230324-jwqzlafb5t
MD5

5de6d21be99b4300676781c836dedfb7
SHA1

b4075d19a6711541f37ecd084e2459d46c9c1aff
SHA256

632d4d07cceaf22b425c7c3cb72ddfebafa5875df162fe973c6b3d9d0ed90946
SHA512

52b96ab8b6a4143c892061be617677c14414d4f6edc9572252bea5a4431de3247e3d2b4fa727803789cb073a47fd9a13f9641fdbba26cceca88ce5ba46f34723
SSDEEP

1536:5qsIOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2ZteulgS6p8l:XTuOYj+zi0ZbYe1g0ujyzd98

Score

10^/10

redline sectoprat mo2axyz discovery infostealer rat spyware stealer trojan

Static task

static1

mo2axyz redline sectoprat

4 signatures

Behavioral task

behavioral1

Sample

1964-55-0x0000000000250000-0x000000000026E000-memory.exe

Resource

win7-20230220-en

redline sectoprat mo2axyz discovery infostealer rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1964-55-0x0000000000250000-0x000000000026E000-memory.exe

Resource

win10v2004-20230220-en

redline sectoprat mo2axyz discovery infostealer rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Mo2aXYZ

C2

172.174.202.77:2341

Targets

- Target
  
  1964-55-0x0000000000250000-0x000000000026E000-memory.dmp
- Size
  
  120KB
- MD5
  
  5de6d21be99b4300676781c836dedfb7
- SHA1
  
  b4075d19a6711541f37ecd084e2459d46c9c1aff
- SHA256
  
  632d4d07cceaf22b425c7c3cb72ddfebafa5875df162fe973c6b3d9d0ed90946
- SHA512
  
  52b96ab8b6a4143c892061be617677c14414d4f6edc9572252bea5a4431de3247e3d2b4fa727803789cb073a47fd9a13f9641fdbba26cceca88ce5ba46f34723
- SSDEEP
  
  1536:5qsIOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2ZteulgS6p8l:XTuOYj+zi0ZbYe1g0ujyzd98
Score

10^/10

redline sectoprat mo2axyz discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

mo2axyzredlinesectoprat

behavioral1

redlinesectopratmo2axyzdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratmo2axyzdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy