redline

General

Target

44b6f48a50be8b19b46773df9b712131.exe
Size

95KB
Sample

240309-l175saff5y
MD5

44b6f48a50be8b19b46773df9b712131
SHA1

e0a322b47ec2744abeda531092483f54c038faf9
SHA256

38d43a3a1f0bda152fdd683184cbc79aee1ce6f422fe7ac3841a8b8a6cca1b3a
SHA512

095f4a5010c003ac657c075232b920e07400291666237027c472369e766c4a2e72a36b11909f2b701fbb6de511cec00912c2fd5741d0e4d28c42b399874c2526
SSDEEP

1536:9HqsIEq76ElbG6jejoigIY43Ywzi0Zb78ivombfexv0ujXyyed2jtmulgS6pM:91d+68YY+zi0ZbYe1g0ujyzdjM

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@systemadminbd

C2

172.86.101.115:4483

Targets

- Target
  
  44b6f48a50be8b19b46773df9b712131.exe
- Size
  
  95KB
- MD5
  
  44b6f48a50be8b19b46773df9b712131
- SHA1
  
  e0a322b47ec2744abeda531092483f54c038faf9
- SHA256
  
  38d43a3a1f0bda152fdd683184cbc79aee1ce6f422fe7ac3841a8b8a6cca1b3a
- SHA512
  
  095f4a5010c003ac657c075232b920e07400291666237027c472369e766c4a2e72a36b11909f2b701fbb6de511cec00912c2fd5741d0e4d28c42b399874c2526
- SSDEEP
  
  1536:9HqsIEq76ElbG6jejoigIY43Ywzi0Zb78ivombfexv0ujXyyed2jtmulgS6pM:91d+68YY+zi0ZbYe1g0ujyzdjM
Score

10^/10

redline sectoprat @systemadminbd discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

SectopRAT

SectopRAT payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2