Overview

overview

10

Static

static

1

9531d3bc14...63.exe

windows7-x64

10

9531d3bc14...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9531d3bc145da5d871d5922508cfdf63

  • Size

    1.1MB

  • Sample

    231219-y97xlaghf8

  • MD5

    9531d3bc145da5d871d5922508cfdf63

  • SHA1

    da9adfd4321e6f9daabf2d76a4519cc0a76daced

  • SHA256

    925b727a1a30f066da82b39bcc6dfaf67200eede833d0847f6b07d7a975ce49b

  • SHA512

    a8bce9e196db10e7164945caa334de643f232bb21589d4119e2968af50521766839ed4e901f007b32d887f92967d1c2e56d0fa1fe73c83504c8ef71691346c46

  • SSDEEP

    24576:+3X2NyxIh7h1Sxj9naJQ2oo63n1v/pu+k+woON:cGNAIRhsxj5o631v/pqPN

Score
10/10
redlinesectoprat@zenvolordinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@zenvolord

C2

185.209.22.181:34925

Targets

    • Target

      9531d3bc145da5d871d5922508cfdf63

    • Size

      1.1MB

    • MD5

      9531d3bc145da5d871d5922508cfdf63

    • SHA1

      da9adfd4321e6f9daabf2d76a4519cc0a76daced

    • SHA256

      925b727a1a30f066da82b39bcc6dfaf67200eede833d0847f6b07d7a975ce49b

    • SHA512

      a8bce9e196db10e7164945caa334de643f232bb21589d4119e2968af50521766839ed4e901f007b32d887f92967d1c2e56d0fa1fe73c83504c8ef71691346c46

    • SSDEEP

      24576:+3X2NyxIh7h1Sxj9naJQ2oo63n1v/pu+k+woON:cGNAIRhsxj5o631v/pqPN

    Score
    10/10
    redlinesectoprat@zenvolordinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks