General

  • Target

    2b05bd5f01ec91055ec3235fe0308758

  • Size

    1.2MB

  • Sample

    231231-grcv3abcek

  • MD5

    2b05bd5f01ec91055ec3235fe0308758

  • SHA1

    8fed0199247388c88870e20b15581353f7dc2ba9

  • SHA256

    98012c9a8fe074b5514953c7cf7d70047a44bec639dda73d39d67283897465fb

  • SHA512

    b7e14c8406fd09cddab6cb06bdf72f5ba91c1bf9ad8e546198ce937da7554efe64ce43b1e7ba7da0487a2ba462de8be18cf68f712383a443ec733d599a354646

  • SSDEEP

    24576:+SLXMkT/pY/feR4IQfPsNTpNOC4r2U+73ux3Sa:t8kBY/M+8N3adMU3Sa

Malware Config

Extracted

Family

redline

Botnet

12

C2

185.92.74.32:80
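The extracted configuration above gives two things a responder can sweep for immediately: the sample's hashes and the C2 endpoint. The following Python is an added example, not part of the sandbox report; it hashes files against the report's MD5/SHA1/SHA256 values and scans constructed firewall-style log lines (assumed format: timestamp, source IP, source port, destination IP, destination port, protocol) for connections to the C2 pair. The log lines are made up for illustration and are not from the report.

```python
import hashlib
import ipaddress

# Indicators copied from the report above (MD5/SHA1/SHA256 and the extracted C2).
REPORT_HASHES = {
    "md5": "2b05bd5f01ec91055ec3235fe0308758",
    "sha1": "8fed0199247388c88870e20b15581353f7dc2ba9",
    "sha256": "98012c9a8fe074b5514953c7cf7d70047a44bec639dda73d39d67283897465fb",
}
REPORT_C2 = "185.92.74.32:80"


def parse_c2(c2):
    """Split an 'ip:port' C2 string into (ip, port); raises ValueError on bad input."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # rejects anything that is not an IP literal
    return host, int(port)


def hash_bytes(data):
    """MD5/SHA1/SHA256 of an in-memory blob, the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk=1 << 20):
    """Same digests for a file on disk, streamed so large droppers fit in memory."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def matched_hashes(digests):
    """Names of the algorithms whose digest equals the report's value."""
    return [n for n, v in digests.items() if REPORT_HASHES[n] == v]


# Constructed log lines (assumed format: ts src_ip src_port dst_ip dst_port proto),
# not taken from the report. 10.0.0.5 talks to the C2 twice on port 80,
# 10.0.0.9 reaches the same IP on 443, the rest is benign web traffic.
SAMPLE_LOG = """\
2023-12-31T10:00:01Z 10.0.0.5 49712 185.92.74.32 80 tcp
2023-12-31T10:00:02Z 10.0.0.7 49713 93.184.216.34 443 tcp
2023-12-31T10:00:03Z 10.0.0.9 49714 185.92.74.32 443 tcp
2023-12-31T10:00:04Z 10.0.0.5 49715 185.92.74.32 80 tcp
"""


def c2_hits(lines, c2=REPORT_C2, require_port=True):
    """Return (timestamp, source ip) for every connection to the C2.

    With require_port=True only the exact ip:port pair from the config counts,
    which is the high-confidence match. require_port=False also returns traffic
    to the C2 IP on other ports, useful for spotting infrastructure reuse but
    noisier if the address is shared hosting. Never match on port 80 alone:
    that is every plain-HTTP request on the network.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or truncated records
        ts, src, _, dst, dport, _ = fields[:6]
        if dst != host:
            continue
        if require_port and not (dport.isdigit() and int(dport) == port):
            continue
        hits.append((ts, src))
    return hits


if __name__ == "__main__":
    for ts, src in c2_hits(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} -> {REPORT_C2}")
```

A hash sweep only catches this exact build; RedLine is repacked constantly, so the C2 pair and the behaviours listed under the signatures below are the more durable indicators.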

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload does not run in excluded regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the usual final step of process hollowing: a suspended child is overwritten with the payload and its entry point redirected before the thread is resumed. Together with "Executes dropped EXE" and "Loads dropped DLL", this points to the dropper injecting the RedLine/SectopRAT payload rather than running it directly.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (1) T1012
  • System Information Discovery (2) T1082
  • Remote System Discovery (1) T1018

Tasks