General

  • Target

    17d395323eba901e1b8befe27e6e8a47.exe

  • Size

    443KB

  • Sample

    230817-vfzgkscf5t

  • MD5

    17d395323eba901e1b8befe27e6e8a47

  • SHA1

    8fd8281cad098719c1d4d646c69f9eb72208da59

  • SHA256

    7461cc679dd71275229e8ef54e603a51d0c496cdec9dd0eaaba9f05a22841d77

  • SHA512

    5703d15b14a65dddcff0e6a05b3eef00d659f87d2fb59b4f100bb56ab3c9af0327168357a98d59800ea7adb0e8809aced9e504da143143135d4c7af084acf01c

  • SSDEEP

    6144:noat1Vj6oOnlw/L6zeE0UmXc3JyFTWBIQrtVaDtr7xv3h9wJ8hPxpRk9uuUuc+5J:RPV/Olwjme2GARTVaDtr79RyixpRu

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.95.168.220:55615

Targets

    • Target

      17d395323eba901e1b8befe27e6e8a47.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks