Overview

overview

10

Static

static

3

NEAS.02622...80.exe

windows7-x64

10

NEAS.02622...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.026228a9f67ac805394bd9461fbf8d80.exe

  • Size

    249KB

  • Sample

    231115-fyp9ascf94

  • MD5

    026228a9f67ac805394bd9461fbf8d80

  • SHA1

    ca45513b3641e68520db4731713c8fd008fd6c5d

  • SHA256

    82f036c29f824105f137a012dbb3e46a6ba60dd2eacfe5f91284ec60431c0018

  • SHA512

    d115c79a9b1f45a7140596051d55ace5990c1178618ecca1c40303f08b5f7e2cd3f5187652e774182d822f44de334fa8a1375cb3130f8334896fcd492aaeb893

  • SSDEEP

    6144:961oApU9ICKY4QKNIWAbJC2B+59i5/HDUEa:4ohzKNXAbUy+59mr+

Score
10/10
redlinesectopratutsinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Targets

    • Target

      NEAS.026228a9f67ac805394bd9461fbf8d80.exe

    • Size

      249KB

    • MD5

      026228a9f67ac805394bd9461fbf8d80

    • SHA1

      ca45513b3641e68520db4731713c8fd008fd6c5d

    • SHA256

      82f036c29f824105f137a012dbb3e46a6ba60dd2eacfe5f91284ec60431c0018

    • SHA512

      d115c79a9b1f45a7140596051d55ace5990c1178618ecca1c40303f08b5f7e2cd3f5187652e774182d822f44de334fa8a1375cb3130f8334896fcd492aaeb893

    • SSDEEP

      6144:961oApU9ICKY4QKNIWAbJC2B+59i5/HDUEa:4ohzKNXAbUy+59mr+

    Score
    10/10
    redlinesectopratutsinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks