General

  • Target

    348ec113dac9d1ad8c37ed33efb9e98d

  • Size

    1013KB

  • Sample

    231231-np964sffaq

  • MD5

    348ec113dac9d1ad8c37ed33efb9e98d

  • SHA1

    0155e7ee208657b1970d4d6e42d1f18096eb4fbe

  • SHA256

    f1199e5b5953534ddbb788d136dd99e6c1d20698458afc9c01b70972b2b3b9af

  • SHA512

    54fa4c4defecdd3b11a95600d4806d1be8350424f146dd82c929a398d44a5c962fd711566f454551eeb53c1bbfc8d74b8e175fe541fce0bcbf9ab06106296de8

  • SSDEEP

    24576:cT3oblY5lxt9Yi/+eX+ZGfJglBBK2xfLT:cT3KlkxtaeOZGfJgDBK2tH

Malware Config

Extracted

Family

redline

Botnet

10

C2

wemakeclay.xyz:80
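
Turning the extracted configuration into a hunt, as an added example that is not part of this sandbox report: the script below takes the C2 host and port from the config above and the sample's MD5/SHA1/SHA256 from the General section, and matches them against constructed DNS, proxy and EDR log lines. The log layouts, endpoint names and IP addresses are assumptions made for illustration, not any product's real format. DNS names are normalised (case, trailing dot) before comparison, and a contact to the C2 host on a port other than the configured 80 is still reported, with the port recorded, since it may indicate a second build of the stealer.

```python
"""IOC matching for the RedLine sample in this report (added example).

Indicators are copied from the report: the extracted C2 wemakeclay.xyz:80
and the sample's MD5/SHA1/SHA256. The log lines and their layouts are
constructed assumptions used to exercise the matching logic offline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators from the report above.
C2_HOST = "wemakeclay.xyz"
C2_PORT = 80
SAMPLE_HASHES = {
    "348ec113dac9d1ad8c37ed33efb9e98d",                                  # MD5
    "0155e7ee208657b1970d4d6e42d1f18096eb4fbe",                          # SHA1
    "f1199e5b5953534ddbb788d136dd99e6c1d20698458afc9c01b70972b2b3b9af",  # SHA256
}


@dataclass(frozen=True)
class Hit:
    source: str      # "dns", "proxy" or "edr"
    host: str        # endpoint that produced the event
    indicator: str   # which indicator matched
    line: str        # the raw log line, for the analyst


# Constructed sample logs (assumed layouts, one record per line).
DNS_LOG = """\
2023-12-31T10:01:02Z ws-042 query A wemakeclay.xyz -> 198.51.100.23
2023-12-31T10:01:05Z ws-042 query A update.example.org -> 203.0.113.9
2023-12-31T10:02:11Z ws-017 query A WEMAKECLAY.XYZ. -> 198.51.100.23
"""
PROXY_LOG = """\
2023-12-31T10:01:03Z ws-042 CONNECT wemakeclay.xyz:80 200
2023-12-31T10:01:07Z ws-042 GET http://update.example.org/feed 200
2023-12-31T10:03:40Z ws-099 CONNECT wemakeclay.xyz:443 200
"""
EDR_LOG = """\
2023-12-31T09:58:00Z ws-042 file_create C:\\Users\\a\\Downloads\\setup.exe sha256=F1199E5B5953534DDBB788D136DD99E6C1D20698458AFC9C01B70972B2B3B9AF
2023-12-31T09:59:00Z ws-017 file_create C:\\Temp\\x.exe md5=348ec113dac9d1ad8c37ed33efb9e98d
2023-12-31T10:00:00Z ws-050 file_create C:\\Temp\\y.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
"""


def _norm_host(h: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return h.rstrip(".").lower()


def match_dns(log: str) -> list[Hit]:
    """Flag any resolution of the C2 host, whatever record type was asked for."""
    hits: list[Hit] = []
    for line in log.splitlines():
        m = re.match(r"(\S+) (\S+) query \S+ (\S+) ->", line)
        if m and _norm_host(m.group(3)) == C2_HOST:
            hits.append(Hit("dns", m.group(2), C2_HOST, line))
    return hits


def match_proxy(log: str) -> list[Hit]:
    """Match the C2 host on any port; keep the port so a contact that is not
    on the configured port (80) stands out in the result."""
    hits: list[Hit] = []
    for line in log.splitlines():
        m = re.match(r"(\S+) (\S+) (CONNECT|GET|POST) (\S+)", line)
        if not m:
            continue
        target = re.sub(r"^https?://", "", m.group(4)).split("/")[0]
        host, _, port = target.partition(":")
        if _norm_host(host) == C2_HOST:
            hits.append(Hit("proxy", m.group(2), f"{C2_HOST}:{port or C2_PORT}", line))
    return hits


def match_edr(log: str) -> list[Hit]:
    """Match file-creation events whose hash equals the sample's MD5/SHA1/SHA256."""
    hits: list[Hit] = []
    for line in log.splitlines():
        m = re.match(r"(\S+) (\S+) \S+ \S+ (md5|sha1|sha256)=([0-9a-fA-F]+)", line)
        if m and m.group(4).lower() in SAMPLE_HASHES:
            hits.append(Hit("edr", m.group(2), m.group(4).lower(), line))
    return hits


def triage() -> dict[str, list[str]]:
    """Group hits by endpoint. A host seen in more than one source (file hash
    on disk plus C2 contact) is the strongest candidate for containment."""
    by_host: dict[str, set[str]] = {}
    for hit in match_dns(DNS_LOG) + match_proxy(PROXY_LOG) + match_edr(EDR_LOG):
        by_host.setdefault(hit.host, set()).add(hit.source)
    ordered = sorted(by_host.items(), key=lambda kv: -len(kv[1]))
    return {host: sorted(sources) for host, sources in ordered}


if __name__ == "__main__":
    for host, sources in triage().items():
        print(f"{host}: {', '.join(sources)}")
```

On the constructed input, ws-042 is hit from all three sources (the dropped file plus DNS and proxy contact on port 80), ws-017 has the file and a DNS lookup with odd casing, and ws-099 only reached the host on port 443, which is worth a second look rather than a dismissal. In a real deployment the three `match_*` functions would be pointed at the SIEM's field names instead of these regexes; the normalisation and the per-endpoint grouping are the parts worth keeping.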

Targets

    • Target

      348ec113dac9d1ad8c37ed33efb9e98d

    • Size

      1013KB

    • MD5

      348ec113dac9d1ad8c37ed33efb9e98d

    • SHA1

      0155e7ee208657b1970d4d6e42d1f18096eb4fbe

    • SHA256

      f1199e5b5953534ddbb788d136dd99e6c1d20698458afc9c01b70972b2b3b9af

    • SHA512

      54fa4c4defecdd3b11a95600d4806d1be8350424f146dd82c929a398d44a5c962fd711566f454551eeb53c1bbfc8d74b8e175fe541fce0bcbf9ab06106296de8

    • SSDEEP

      24576:cT3oblY5lxt9Yi/+eX+ZGfJglBBK2xfLT:cT3KlkxtaeOZGfJgDBK2tH

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks