redline

Sharing

Copy URL Twitter E-mail

General

Target

CraxsRat_7.2_Cracked(1234 pass).rar
Size

320.6MB
Sample

240315-xl333aad24
MD5

cdc220b3f70e9bf5173f11ce9c087ff2
SHA1

57d6ce6c66723011c84ac10571980ced2b47b461
SHA256

14bfef9dd2df2b9f0e1d20cac22d9e4e947f7b0728f7b0b27818cb8b671b0fba
SHA512

985513fd9936a401eab68aa9e4262f83790e7410acc7d324e4f5659ce07dbfda73fc32da831e0aeecc9ea8b57c15a45f30d8977b26695644aabd2cf96486bc04
SSDEEP

6291456:J1sHfQbsh5gdBztVukciWscZic+IdrzxmRGCANOPNrk0ZiD86VOnm57rUL:b6QqgTukAZkI1AdANOFrdiDn4S76

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

cheat

95.164.89.221:33566

Extracted

Family

redline

Botnet

6034700569

6493372055:AAEGM6lUbhip9q5qHViPYIKcXVDabdqVets

Targets

- Target
  
  CraxsRat_7.2_Cracked(1234 pass).rar
- Size
  
  320.6MB
- MD5
  
  cdc220b3f70e9bf5173f11ce9c087ff2
- SHA1
  
  57d6ce6c66723011c84ac10571980ced2b47b461
- SHA256
  
  14bfef9dd2df2b9f0e1d20cac22d9e4e947f7b0728f7b0b27818cb8b671b0fba
- SHA512
  
  985513fd9936a401eab68aa9e4262f83790e7410acc7d324e4f5659ce07dbfda73fc32da831e0aeecc9ea8b57c15a45f30d8977b26695644aabd2cf96486bc04
- SSDEEP
  
  6291456:J1sHfQbsh5gdBztVukciWscZic+IdrzxmRGCANOPNrk0ZiD86VOnm57rUL:b6QqgTukAZkI1AdANOFrdiDn4S76
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  7.2/CraxsRat_Cracked/._cache_7z.exe
- Size
  
  329KB
- MD5
  
  453821572a13cc6ea0736f9db6424e13
- SHA1
  
  5f994bde8db4b658781756eaaca9416909a3a420
- SHA256
  
  b8c3871a5d6a473a2e9d08684a481aea7467a97d0a433cf55b127323ef61218f
- SHA512
  
  22468064ae306037d2b241e8a985ad5b037b45f6873e364f46d8066018533993e66834288227ae86e94e23511386f0afcf52776060b17dad11dfba4bc333b07a
- SSDEEP
  
  6144:qnzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5kYF/lTRHA:q377SKfgvqkbFyFJC5RzH
Score

1^/10
behavioral3 behavioral4
- Target
  
  7.2/CraxsRat_Cracked/._cache_aapt.exe
- Size
  
  1.6MB
- MD5
  
  80f136b0642bbc25c7578e0d24d4673b
- SHA1
  
  883596e63700c45ab0d4d880b883f687f65c2457
- SHA256
  
  aa18b5646881ff3b8ca9879045a1b4a44e2d5b24fbe14486fc8236789de8237a
- SHA512
  
  4a95ac6b8d6252b68ccc842e8dd36056d5b0a773a86d4a8234f39cc2195ccec06fc64954655956447dfc27896720c92f8dfa4a39c2bb568c21fcc588723d86fc
- SSDEEP
  
  49152:XPNjtbkZdmFxzKyfMKiTYQ0QQQKXQQQQQQQf0Qw:/NjtQZ8Pf1
Score

1^/10
behavioral5 behavioral6
- Target
  
  7.2/CraxsRat_Cracked/Craxsrat10.31_Cracked.exe
- Size
  
  92.7MB
- MD5
  
  91be184aa1cef58291e39bfe0888b545
- SHA1
  
  209ee2073a45672468ba88539b2c7e7879eabf85
- SHA256
  
  4e95ede924eba962a59ddec3f55cd7e9d4131c0a1ea3524740c271a276a91301
- SHA512
  
  24486f37ba50068da11ae6fa80d7e0b6666914228c75de01b6e02cb8131763715f43187d5e1468efe43d9d87c4edae39a4d7e69acb297a63495e86e17b3e7ad6
- SSDEEP
  
  1572864:hzSAjEceNjp/5UZcd4WI1KBT6uD8GeSUP/NjKcaErvX+Oz9E2RKYDM7aU:RGNpBPdSKRdnUPFK9ErlJKYIf
Score

10^/10

redline sectoprat stormkitty cheat infostealer rat stealer trojan 6034700569
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

T1098

Privilege Escalation

Account Manipulation

T1098

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Checks computer location settings

RedLine payload

SectopRAT

SectopRAT payload

StormKitty

StormKitty payload

Grants admin privileges

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8