Overview

overview

10

Static

static

10

20230408_2...ld.exe

windows7-x64

10

20230408_2...ld.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20230408_205708_signed_build.exe

  • Size

    105KB

  • Sample

    230410-bfmy1aga8x

  • MD5

    140fe4dc113bd5d5197a3571e9a85925

  • SHA1

    322c1e09e1ad3330a457863635f6b8ac183b8a20

  • SHA256

    6c3aaf9d4f65fc103ceaaf41c25d58b6ae1c4657a10f33d6a6e341052473334c

  • SHA512

    9edf3aaf08c1ffd9a19c21f02f14eeec56fc8859a7d77435bce928307417fd4cf5f9ec7645d0e5c81ff76b14d2824562198bff25b01711bb376060844f783952

  • SSDEEP

    1536:GqsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2x3tmulgS6p1dIc4:0EwiYj+zi0ZbYe1g0ujyzdd1dpo1

Score
10/10
redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

154.81.220.233:28105

Targets

    • Target

      20230408_205708_signed_build.exe

    • Size

      105KB

    • MD5

      140fe4dc113bd5d5197a3571e9a85925

    • SHA1

      322c1e09e1ad3330a457863635f6b8ac183b8a20

    • SHA256

      6c3aaf9d4f65fc103ceaaf41c25d58b6ae1c4657a10f33d6a6e341052473334c

    • SHA512

      9edf3aaf08c1ffd9a19c21f02f14eeec56fc8859a7d77435bce928307417fd4cf5f9ec7645d0e5c81ff76b14d2824562198bff25b01711bb376060844f783952

    • SSDEEP

      1536:GqsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2x3tmulgS6p1dIc4:0EwiYj+zi0ZbYe1g0ujyzdd1dpo1

    Score
    10/10
    redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks