General
-
Target
build.rar
-
Size
39KB
-
Sample
230406-zrp5hafb34
-
MD5
f1704cbcacb06c192d594343edf836cd
-
SHA1
e68c1c76cc373e0e9cb0e01da4026045416cb560
-
SHA256
afc8a2d4deb8240a9e81847cd4419b890e3bf5cc130f8e388675e9ba381b20ab
-
SHA512
92b3a944b7c83884463310314e32cb75d0d6fe97a3b77c026cd76d8a2072fe25e54aed64a1db2a9fe1bf830ad6c647d43adb44129fbd34acbc2082feb330c5df
-
SSDEEP
768:eIOrR/hgb1EgBekbOTxQe4SVvL+He5w3qa3s5/hUGm+kQp/O8:fOrNhgWkbOTOe4ELw3Ttu9NP
Malware Config
Extracted
redline
cheat
45.42.45.232:63495
Targets
-
-
Target
build.exe
-
Size
95KB
-
MD5
ea979c1b240f3f35e2f3e7817486ad16
-
SHA1
b72e5ab22ac134528b2352dc964ae75c036141b2
-
SHA256
213ffd0052c388f78eea28ccc382ea857aa018c5fcf5c9ec4ccaca1757871970
-
SHA512
f5c0d13b300e4ac9eb91240d2348c469bd1017a814ec20f8cb9eee332391d19e555290986fec1d8e09653bee69a8178a3d3607962212e041d75a1aab11caa5fb
-
SSDEEP
1536:9qs+XqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2A3tmulgS6pY:r0gzWHY3+zi0ZbYe1g0ujyzdiY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-