redline

General

Target

411b28fec79459930089cc56a18b123cb175347a5464353faf1c376f99c57a67
Size

576KB
Sample

240307-x3h48abg77
MD5

164109915e9cb7c352225e69f6bfb839
SHA1

79bf288ccc1a63e232a6978cd979ba223f75c064
SHA256

411b28fec79459930089cc56a18b123cb175347a5464353faf1c376f99c57a67
SHA512

206747aefe5c0ab6632ee82bbb4318750778974c775adb6f9f68c28620d14cdbef8b9a1c8b90c9f06be37919165fe913dcb332bb250429bdf40b9cedf5624787
SSDEEP

12288:j6FO1lytiU39/j2aAlPNGXRaYtuyVQY6juCMy5TwI2s2/ckR:kti0/j2aAmXRZ7WY6ssW

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.137.22.243:55615

Targets

- Target
  
  411b28fec79459930089cc56a18b123cb175347a5464353faf1c376f99c57a67
- Size
  
  576KB
- MD5
  
  164109915e9cb7c352225e69f6bfb839
- SHA1
  
  79bf288ccc1a63e232a6978cd979ba223f75c064
- SHA256
  
  411b28fec79459930089cc56a18b123cb175347a5464353faf1c376f99c57a67
- SHA512
  
  206747aefe5c0ab6632ee82bbb4318750778974c775adb6f9f68c28620d14cdbef8b9a1c8b90c9f06be37919165fe913dcb332bb250429bdf40b9cedf5624787
- SSDEEP
  
  12288:j6FO1lytiU39/j2aAlPNGXRaYtuyVQY6juCMy5TwI2s2/ckR:kti0/j2aAmXRZ7WY6ssW
Score

10^/10

redline sectoprat cheat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

SectopRAT

SectopRAT payload

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2