General
- Target: 96AD06B20362F378E5F81EDF6DD968EF.exe
- Size: 505KB
- Sample: 240309-1r69fsbf76
- MD5: 96ad06b20362f378e5f81edf6dd968ef
- SHA1: 7feb5233a0c1a1a9224cdbb8cf03d62cd99cf32a
- SHA256: 89f3819c63fe7079db92866643e3f2e3b1a04c653c04411b630c72b8082c35b6
- SHA512: 424eaa80d9facfd203ba1ecd7fd85dc2d03373fc1293ffa2fee914e4bf2ef68ba08dcd8ec913ad7c2cbd13dbd00542216e6b4fa8d07aa253f4fbeccce0e19932
- SSDEEP: 12288:eXbcmn/22sMbf0poapqLDzXAYwAg2OXgkR:jmnOGMXWDzX4Ag2OXH
Static task: static1
Behavioral task: behavioral1
- Sample: 96AD06B20362F378E5F81EDF6DD968EF.exe
- Resource: win7-20240215-en
Malware Config
Extracted
- redline
- cheat
- 45.137.22.252:55615
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext