General
-
Target
0x000c000000023117-105.dat
-
Size
95KB
-
Sample
230930-r2gbcadc3t
-
MD5
854ff294f0a8549ed61ca06e100e55a7
-
SHA1
db0c534319c079e7c9f3c2b9a9fdeb7dfe61e6e7
-
SHA256
b6f0c3d53b93d35eff69c3ab8433189f87d2fc7bd94a09d8b0b69abee94cb301
-
SHA512
d81f614ecf98115b8646cc87c1f67738db836b0b5eeffdf789dca93057dc78a6803e3114217fb863773e914f734379acd3dc6c76541bba0b11f10cbe25a79420
-
SSDEEP
1536:Bqs+FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed28tmulgS6pUl:veRclyY7+zi0ZbYe1g0ujyzdoU
Malware Config
Extracted
redline
cashoutgang
4.229.227.81:33222
Targets
-
-
Target
0x000c000000023117-105.dat
-
Size
95KB
-
MD5
854ff294f0a8549ed61ca06e100e55a7
-
SHA1
db0c534319c079e7c9f3c2b9a9fdeb7dfe61e6e7
-
SHA256
b6f0c3d53b93d35eff69c3ab8433189f87d2fc7bd94a09d8b0b69abee94cb301
-
SHA512
d81f614ecf98115b8646cc87c1f67738db836b0b5eeffdf789dca93057dc78a6803e3114217fb863773e914f734379acd3dc6c76541bba0b11f10cbe25a79420
-
SSDEEP
1536:Bqs+FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed28tmulgS6pUl:veRclyY7+zi0ZbYe1g0ujyzdoU
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-