General
- Target: 774c0cc23477f5792949672f88b86cea999945d9e650a7460979d841de27d65e.exe
- Size: 57KB
- Sample: 240314-c1v1sage3v
- MD5: a2ed1eb428f6d50c574bb1c65ed75c98
- SHA1: 45ca7da758f48c9bf3e0f31e931bb1e1f154e80b
- SHA256: 774c0cc23477f5792949672f88b86cea999945d9e650a7460979d841de27d65e
- SHA512: f1f46d827737f83f68f6c40ea8d08a334071545043952d03be9f4e2e4e7a6324b4bbb54d0aa5606102098acd423a2e0c705cc2a8fa3249ed9ef12fe4ceab6f97
- SSDEEP: 1536:umnMt4K1e3OEPkyiNaKe+7vjNjMel4Qrvseim:uD4pkRaWBjh4YbX
Static task: static1

Behavioral task: behavioral1
- Sample: 774c0cc23477f5792949672f88b86cea999945d9e650a7460979d841de27d65e.exe
- Resource: win7-20240221-en

Malware Config
Extracted
- Family: redline
- Botnet: cheat
- C2: 162.245.191.8:4483
Targets
- Target: 774c0cc23477f5792949672f88b86cea999945d9e650a7460979d841de27d65e.exe (size and hashes identical to the General section above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Contacts a large number (4715) of remote hosts. This may indicate a network scan to discover remotely running services.
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables packed with or using KoiVM.
- Creates a large amount of network flows. This may indicate a network scan to discover remotely running services.
- Suspicious use of SetThreadContext