Overview

overview

10

Static

static

10

80488bf5f3...e5.exe

windows7-x64

10

80488bf5f3...e5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1fd6d8d1c89f7ff74a36a409e31efffcbfe34bb13e9169524e3529a598254b7

  • Size

    43KB

  • Sample

    240419-t5lfkshd33

  • MD5

    985439a6f909c44c71bd9ddf49017d63

  • SHA1

    16e1c711d26f2fd73947465e85cac2b9e038faf1

  • SHA256

    a1fd6d8d1c89f7ff74a36a409e31efffcbfe34bb13e9169524e3529a598254b7

  • SHA512

    b52f95366a398a1a0872d9f57ac55308da46cd49d8c572d4962a4b276a0ad028d71b382f67dcb9b05bbd50932ad16fd70efa9dde45cfd5487ca39634d37e0219

  • SSDEEP

    768:zQryGvYXH3yi/qnmfzsh3IXd5hxcnC6xjnFAUmxVn+lcSD4wkTiSxAg3e:UrvvYXCFmrsh32d+1jFAUWOD47TfAgu

Score
10/10
redlinesectopratcheatinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

0.tcp.in.ngrok.io:17383

Targets

    • Target

      80488bf5f30ea2398ff207b9045a0e230aff2d052ea56156a0e96b57784dc0e5.exe

    • Size

      95KB

    • MD5

      117eef8a227e6ce3646718d0ed6fb7b1

    • SHA1

      db6e21bf637604aa0be4f73142a1b7447cc83553

    • SHA256

      80488bf5f30ea2398ff207b9045a0e230aff2d052ea56156a0e96b57784dc0e5

    • SHA512

      b889b1b965251c74776d3f8981f042f6364157d3c3049e59ad3fbd12dc5d95b938db37870b2bb0de6781e7ee48c0a6cf80318b31b60b6df2be96241a34d478a1

    • SSDEEP

      1536:Fqsgaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2z3teulgS6pQl:DfZeYP+zi0ZbYe1g0ujyzdfQ

    Score
    10/10
    redlinesectopratcheatinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks