redline

General

Target

99009031caaab6da320715182c2762983f1e24509c8604273e0f23db35839c52
Size

365KB
Sample

240329-vm2khsdb3y
MD5

d6e04d811cf7ab3ae9d204a325000d2a
SHA1

b0cae7a4a0b87a7ce38ff61a1577af5f8b4f1112
SHA256

99009031caaab6da320715182c2762983f1e24509c8604273e0f23db35839c52
SHA512

9497d1170dd084852e7f81e3eeca9874931b24388be2f4ba9fed0f21f67f27832b2454b968cc74d2e8c240aae60168e2796fa29fe1618051f8ed3a8b2906b5db
SSDEEP

6144:yvd8MVkBm5k0lm7ifuf3Q7Sn3ie1K285zSXLJ+ChLvxUQafQ:SROBmC0uo7SnH15NXL4ChNaQ

Score

10^/10

Malware Config

Targets

- Target
  
  99009031caaab6da320715182c2762983f1e24509c8604273e0f23db35839c52
- Size
  
  365KB
- MD5
  
  d6e04d811cf7ab3ae9d204a325000d2a
- SHA1
  
  b0cae7a4a0b87a7ce38ff61a1577af5f8b4f1112
- SHA256
  
  99009031caaab6da320715182c2762983f1e24509c8604273e0f23db35839c52
- SHA512
  
  9497d1170dd084852e7f81e3eeca9874931b24388be2f4ba9fed0f21f67f27832b2454b968cc74d2e8c240aae60168e2796fa29fe1618051f8ed3a8b2906b5db
- SSDEEP
  
  6144:yvd8MVkBm5k0lm7ifuf3Q7Sn3ie1K285zSXLJ+ChLvxUQafQ:SROBmC0uo7SnH15NXL4ChNaQ
Score

10^/10

redline sectoprat discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

RedLine payload

SectopRAT

SectopRAT payload

.NET Reactor proctector

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2