General

  • Target

    1ae71d2a00c2781136f0d041617131ad

  • Size

    4.6MB

  • Sample

    231230-rdht9sgeg6

  • MD5

    1ae71d2a00c2781136f0d041617131ad

  • SHA1

    ac45f06da190a8fbf7e5f4e9f7d9afdd941e7df6

  • SHA256

    7b483b575f88d063ec7d84405be25d5d29579133e9951e5f7b5e2b0d9632472f

  • SHA512

    597ddab8dafc57121ac7b24f4517ae6c2bed20ff4563acfedb0c5f074188f1cae289d1a31a4b76ebd6ce14eeba5d309de1f79a26cf15e08eb93469989c640d91

  • SSDEEP

    98304:P2fwb4rsly4guky5c4l0SsNL8eHNLqC0w9e+Zl/As4gXdu:swEsYM5OSsgAb/AVgX4

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @OxPhOenix

  • C2

    77.220.212.176:35752

Targets

    • Target

      1ae71d2a00c2781136f0d041617131ad

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: a thread set to ThreadHideFromDebugger stops generating debug events, so a debugger attached to the process no longer sees breakpoints or exceptions raised on that thread.
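A hunting sweep built from the indicators in this report, added here as an example; it is not code from the sandbox report or from the RedLine/SectopRAT samples. It compares file digests against the listed values (treating MD5/SHA1 as weaker evidence than SHA256/SHA512) and scans Zeek-style conn.log lines for the extracted C2. The log lines are constructed sample data, not traffic from this analysis, and their field order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) is an assumption of the example.

```python
import hashlib
import sys
from typing import Dict, List

# Indicators copied from the report above.
REPORT_DIGESTS = {
    "md5": "1ae71d2a00c2781136f0d041617131ad",
    "sha1": "ac45f06da190a8fbf7e5f4e9f7d9afdd941e7df6",
    "sha256": "7b483b575f88d063ec7d84405be25d5d29579133e9951e5f7b5e2b0d9632472f",
    "sha512": "597ddab8dafc57121ac7b24f4517ae6c2bed20ff4563acfedb0c5f074188f1cae"
              "289d1a31a4b76ebd6ce14eeba5d309de1f79a26cf15e08eb93469989c640d91",
}
C2_HOST = "77.220.212.176"
C2_PORT = 35752
STRONG = ("sha256", "sha512")

# Constructed Zeek-style conn.log excerpt (sample data, not from this analysis).
# Assumed field order: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1703955600.123456\tCabc1\t10.0.0.15\t49712\t77.220.212.176\t35752\ttcp\n"
    "1703955601.004210\tCabc2\t10.0.0.15\t49713\t142.250.74.78\t443\ttcp\n"
    "1703955602.557000\tCabc3\t10.0.0.22\t51000\t77.220.212.176\t80\ttcp\n"
    "1703955603.900000\tCabc4\t10.0.0.15\t49714\t77.220.212.176\t35752\ttcp\n"
)


def compute_digests(data: bytes) -> Dict[str, str]:
    """Hash file bytes with the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(digests: Dict[str, str]) -> bool:
    """Decide whether a set of digests identifies the reported sample.

    If a strong digest (SHA256/SHA512) is available it decides the outcome,
    so a forged MD5 or SHA1 cannot produce a match on its own. Only when no
    strong digest is present do MD5/SHA1 count, which is adequate for
    pivoting but collisions are practical for both."""
    norm = {k.lower(): v.lower() for k, v in digests.items()}
    if any(k in norm for k in STRONG):
        return any(norm.get(k) == REPORT_DIGESTS[k] for k in STRONG)
    return any(norm.get(k) == REPORT_DIGESTS[k] for k in ("md5", "sha1"))


def find_c2_connections(log_text: str, require_port: bool = True) -> List[dict]:
    """Return conn.log records whose responder is the extracted C2.

    With require_port=True only the exact ip:port from the config matches.
    With require_port=False any connection to the host matches; RedLine
    panels are often reachable on other ports, so this yields more
    candidates that need triage rather than confirmed hits."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # Zeek header/comment lines
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed record; skip rather than crash the sweep
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != C2_HOST:
            continue
        if require_port and int(resp_p) != C2_PORT:
            continue
        hits.append({"ts": ts, "uid": uid, "src": f"{orig_h}:{orig_p}",
                     "dst": f"{resp_h}:{resp_p}", "proto": proto})
    return hits


if __name__ == "__main__":
    # Usage: python sweep.py [file-to-hash]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            digests = compute_digests(fh.read())
        print("file matches report:", matches_report(digests))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 connection:", hit)
```

Run it against a real conn.log by replacing SAMPLE_CONN_LOG with the file contents; the default strict match returns only the exact ip:port pairs, and loosening it to host-only is the first pivot when the panel port has changed.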
