General

  • Target: 63e12a2b48c3c7c920b33bbae17fd218_JaffaCakes118
  • Size: 386KB
  • Sample: 240401-bva8rahf9z
  • MD5: 63e12a2b48c3c7c920b33bbae17fd218
  • SHA1: c63fbe51126a72e3ef92ee61f5be6c1177110639
  • SHA256: 0634e28e5e6d7dc8d37cba7f6b8417a0840f04675ac53406df477105dbab0de9
  • SHA512: 8c4be37580d7a7d1f77ff69bef64958f6ccb631572f883eae64001337e93d2760d50d55b97e2a55eb7ed8d1c47294edbf404b1e87bb1b98baf9569dae57f3026
  • SSDEEP: 6144:oquJmIM4vMGzLfMUyod0yxPtMG5pvym4EtlyjfGPWDT8Pb:qJmIiGzLfKod0Ott5pqmNtlLPWDg

Malware Config

Extracted

  • Family: redline
  • Botnet: usamoney
  • C2: 45.142.215.47:27643
  • Attributes
      • auth_value: 9491a1c5e11eb6097e68a4fa8627fda8

Targets

  • Target: 63e12a2b48c3c7c920b33bbae17fd218_JaffaCakes118
  • Size: 386KB
  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine payload
  • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
  • SectopRAT payload
