redline

General

Target

BitcoinFakeTransaction.exe
Size

506KB
Sample

240328-k6f3tahb61
MD5

b8c68eb88e8a71d24a734d73f809d1eb
SHA1

f067febec2776f32d8c6173bbfaecbd8b4e77e3c
SHA256

adc7ac788b77136e22c94d046a45047a4dd3c48b11fe6194db773cb0568c2586
SHA512

84ed4f20e4d9786be0b70c51c85687cf456d4e5c1f05933ed280e2d3f08d10ce49a4c395a6307a3839b3e456644c85a6444fcb1784e5f50b16a8ff432f7277c9
SSDEEP

6144:Bnx1x1eRIjd07UroE9osp3urtvyfsuYm9jdUSDbkTtSL0qhgq+uoQ4MaVQs9Gup1:/1eRIh07UrNtuVGJkpSL0qhNvMGgn

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

rivag41664-34523.portmap.host:34523

Targets

- Target
  
  BitcoinFakeTransaction.exe
- Size
  
  506KB
- MD5
  
  b8c68eb88e8a71d24a734d73f809d1eb
- SHA1
  
  f067febec2776f32d8c6173bbfaecbd8b4e77e3c
- SHA256
  
  adc7ac788b77136e22c94d046a45047a4dd3c48b11fe6194db773cb0568c2586
- SHA512
  
  84ed4f20e4d9786be0b70c51c85687cf456d4e5c1f05933ed280e2d3f08d10ce49a4c395a6307a3839b3e456644c85a6444fcb1784e5f50b16a8ff432f7277c9
- SSDEEP
  
  6144:Bnx1x1eRIjd07UroE9osp3urtvyfsuYm9jdUSDbkTtSL0qhgq+uoQ4MaVQs9Gup1:/1eRIh07UrNtuVGJkpSL0qhNvMGgn
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  BitcoinFakeTransaction.exe
- Size
  
  605KB
- MD5
  
  4eb3bd08932bb9000f1dce389bdded6f
- SHA1
  
  8aedf59a815f67437d979b506eff4191d8c2b04d
- SHA256
  
  c038cf88206371d35a0e89612d8781cdfa69cc37fc5391a8e92d252ac6b9f0b1
- SHA512
  
  2a5366cebc3d56130ece83d2e5b64415b07c3c6e40f48048aabfafc9f6202d85da29023a2be586dc86300e58800086cb81662329e125b42fedde6e45b748e66f
- SSDEEP
  
  6144:z6q+juTdrtvyfruYm9jdVSDbkTtS50qhIq+ufQ4Ma5xpP5uHxyVmYPvg77:z6xmVT4kpS50qhkE
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  build223.bat
- Size
  
  70KB
- MD5
  
  e7cf9cde4c325f6daa8dc52236f70756
- SHA1
  
  62560c65d322eb44f66355e2e58de5d57a3bcbf4
- SHA256
  
  d14f414b59cf8e6db480c37b5942e947adf570bac6c2c06d20889ecc81f2c39d
- SHA512
  
  9bb314cba2d8f4fd75654334017d35e527ed69d3a0c9540bdec3743787d3b0d94088df7e859246c4accbbf2d56b8196d3c977b31d3b4bc9b3b5fc159fef631c6
- SSDEEP
  
  1536:xE76cfZjZNjDHTXkPG3UiISEqZqrgQCievxBJicqPTcT0adtZE3:xENhjZpHeGtISEqZkCiepLPqPT20AI
Score

10^/10

redline sectoprat cheat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6