General
-
Target
bdde06b2f10392b9c34fd2d03dc90c33542f96bdedd67b201dd0c782a1b4bf9b
-
Size
95KB
-
Sample
230422-th7ejahc9v
-
MD5
7e2d328e7e2552be4a862e83f9c7177e
-
SHA1
7d80b8b70676053aaa9d652b721c574ad81b011f
-
SHA256
bdde06b2f10392b9c34fd2d03dc90c33542f96bdedd67b201dd0c782a1b4bf9b
-
SHA512
7019d5f9304c380fd6abb609ba78c912dabfc11196a99130ec647678977bf1e00a51bb9062c051620d4c77cb48ebd6c5df4d9fd7f0e13c0e71285d39c2d9cc4d
-
SSDEEP
1536:9qs+XqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2t3tmulgS6pY:r0gzWHY3+zi0ZbYe1g0ujyzdxY
Malware Config
Extracted
redline
cheat
95.214.27.27:33806
Targets
-
-
Target
bdde06b2f10392b9c34fd2d03dc90c33542f96bdedd67b201dd0c782a1b4bf9b
-
Size
95KB
-
MD5
7e2d328e7e2552be4a862e83f9c7177e
-
SHA1
7d80b8b70676053aaa9d652b721c574ad81b011f
-
SHA256
bdde06b2f10392b9c34fd2d03dc90c33542f96bdedd67b201dd0c782a1b4bf9b
-
SHA512
7019d5f9304c380fd6abb609ba78c912dabfc11196a99130ec647678977bf1e00a51bb9062c051620d4c77cb48ebd6c5df4d9fd7f0e13c0e71285d39c2d9cc4d
-
SSDEEP
1536:9qs+XqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2t3tmulgS6pY:r0gzWHY3+zi0ZbYe1g0ujyzdxY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-