General

  • Target

    6548f741cb41a51f5e5373586ce6b940.exe

  • Size

    271KB

  • Sample

    240114-jktaksfdf5

  • MD5

    6548f741cb41a51f5e5373586ce6b940

  • SHA1

    291bad1c0d06c5af48005dc4eca7f76d5312845b

  • SHA256

    f958ce56b688316c3905d3de8770ad2f4e983b9b4824281cd285fecac12051f1

  • SHA512

    cd98f0379ed410890c2b2f279384c49ba7cdb82d11b5f6ed100b33c7755149893bcc2256ea2b842fbe1ad585a4e31cd752a7014f29cda036571a98ba98c9f5d8

  • SSDEEP

    6144:NZ/b9e1VGnTezP8KwPBVu0AlICpOgCKvZnmpz:U1mTeL8va08I+fmpz

Malware Config

Extracted

Family

redline

Botnet

@txtbaselinks

C2

91.92.252.103:61981
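The extracted hashes and C2 as a hunting check, an added Python example that is not part of the sandbox report: it compares a file's digests against the listed values and flags connections to the C2 in Zeek-style conn.log lines. The conn.log sample is constructed for the example and only its first seven columns are used; SSDEEP is left out because it needs the ssdeep library, and the first-column timestamp format is an assumption.

```python
import hashlib

# IOCs taken from the report above.
IOC_HASHES = {
    "md5": "6548f741cb41a51f5e5373586ce6b940",
    "sha1": "291bad1c0d06c5af48005dc4eca7f76d5312845b",
    "sha256": "f958ce56b688316c3905d3de8770ad2f4e983b9b4824281cd285fecac12051f1",
    "sha512": (
        "cd98f0379ed410890c2b2f279384c49ba7cdb82d11b5f6ed100b33c7755149893bcc2256"
        "ea2b842fbe1ad585a4e31cd752a7014f29cda036571a98ba98c9f5d8"
    ),
}
C2_HOST, C2_PORT = "91.92.252.103", 61981


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def match_hashes(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the reported IOC."""
    digests = hash_bytes(data)
    return sorted(alg for alg, value in digests.items() if value == IOC_HASHES[alg])


# Constructed Zeek conn.log excerpt (tab-separated): ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto. Two flows go to the C2 host,
# only one of them on the port from the extracted config.
ZEEK_CONN = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1705228800.1\tCabc1\t10.0.0.5\t52144\t91.92.252.103\t61981\ttcp
1705228801.3\tCabc2\t10.0.0.5\t52145\t142.250.74.78\t443\ttcp
1705228802.7\tCabc3\t10.0.0.7\t49230\t91.92.252.103\t443\ttcp
"""


def find_c2_connections(conn_log: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Flag flows to the C2 host; `exact` marks those that also hit the C2 port.

    A host-only match is still reported: the port in a stealer config is set per
    build, so the same infrastructure may be reused on another port.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than guess
        ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst == host:
            hits.append({
                "ts": ts,
                "uid": uid,
                "src": src,
                "dport": int(dport),
                "exact": int(dport) == port,
            })
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(ZEEK_CONN):
        level = "C2 match" if hit["exact"] else "C2 host, other port"
        print(f"{level}: {hit['src']} -> {C2_HOST}:{hit['dport']} (uid {hit['uid']})")
```

Feed `match_hashes` the bytes of a suspect file; any non-empty result means the file is the sample above. Hash comparison only catches this exact build, so the network check is the more durable of the two.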

Targets

    • Target

      6548f741cb41a51f5e5373586ce6b940.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended process or thread is a common step in process hollowing and similar injection techniques, used to redirect execution into injected code.

MITRE ATT&CK Enterprise v15

Tasks