General

  • Target

    bf01f5a33558c59188cd3b91f56ce00284cf4fd614ccc9393b8126f40cfe465f

  • Size

    43KB

  • Sample

    240419-vebdcshg86

  • MD5

    58683f1dc2db3f87865344e4cd519b20

  • SHA1

    c66af4faa9d13b307aad69d9748d5b48682449b0

  • SHA256

    bf01f5a33558c59188cd3b91f56ce00284cf4fd614ccc9393b8126f40cfe465f

  • SHA512

    6081ec3bd5e2706a52c4c6ad89056f3a8fcb8f99d51614433377ea96d7967c8c82ac28136b98ce17674c0ff0916a079f7dd625c060acff0a7ceb66f7c6670d37

  • SSDEEP

    768:2S7iZeZj0LRxrihjhk4npZAhJnAaGLnHGY8eJIGAR/PK+5hbbrwWtenyi5a4QQXP:m4Z4L+9kopZAMZmLyIfj8Qey9yV1

Malware Config

Extracted

Family

redline

Botnet

--- https://t.me/BlToolsCloud ------ https://t.me/BlTools_Logs ---

C2

rights-mountains.gl.at.ply.gg:23403

Targets

    • Target

      7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4.exe

    • Size

      95KB

    • MD5

      9001b4d829eac33f2b06ab34bbef7480

    • SHA1

      108914745f61a7502a382871345d4af604814823

    • SHA256

      7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4

    • SHA512

      511cedc75dc75eef63953f7238d1d7f25b6ffc0e36f0f6e0589d58f642b4c87607a70414305905a7b57295ebe176bf51c1a84d0308f0f93287e52b3afd3b4cea

    • SSDEEP

      1536:WqsoPqsglbG6jejoigIn43Ywzi0Zb78ivombfexv0ujXyyed2jtQulgS6pE:E2fwYn+zi0ZbYe1g0ujyzdlE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.
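The C2 and botnet fields in the extracted config are free text. The following Python is an added example, not part of this report or of any analysis tooling it comes from: it turns those fields and the report's SHA256 values into structured indicators and runs them over constructed DNS, connection and file-hash records. Assumptions: the tab-separated log layouts are invented for the demonstration, the addresses are TEST-NET (203.0.113.0/24), and the .ply.gg suffix is treated as the playit.gg tunnelling service, so the resolved IP is shared with other tunnel users and may change, which is why the matcher keys on the hostname and port rather than on a bare IP.

```python
"""IOC matching built from the RedLine config extracted in this report.

Added example, not part of the sandbox report. The indicators (C2 host and
port, Telegram channels in the botnet field, SHA256 values) are copied from
the report; the log lines and file-hash listing are constructed for the
demonstration and use TEST-NET (203.0.113.0/24) addresses.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Config fields exactly as the report shows them.
BOTNET_FIELD = "--- https://t.me/BlToolsCloud ------ https://t.me/BlTools_Logs ---"
C2_FIELD = "rights-mountains.gl.at.ply.gg:23403"
REPORT_SHA256 = {
    "bf01f5a33558c59188cd3b91f56ce00284cf4fd614ccc9393b8126f40cfe465f",  # submitted sample
    "7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4",  # dropped .exe target
}

# Assumption: ply.gg hostnames belong to the playit.gg tunnelling service, so the
# C2 IP is shared and can change; hostname plus port is the more durable indicator.
TUNNEL_SUFFIX = ".ply.gg"


@dataclass
class Iocs:
    c2_host: str
    c2_port: int
    telegram_urls: list[str] = field(default_factory=list)
    sha256: set[str] = field(default_factory=set)


def parse_config(botnet_field: str, c2_field: str, hashes: set[str]) -> Iocs:
    """Turn the free-text config fields into structured indicators."""
    host, _, port = c2_field.rpartition(":")
    urls = re.findall(r"https?://t\.me/[A-Za-z0-9_]+", botnet_field)
    return Iocs(host.lower(), int(port), urls, {h.lower() for h in hashes})


# Constructed logs: "ts  src_ip  query  qtype  answer" and "ts  src_ip  dst_ip  dst_port  proto".
SAMPLE_DNS = [
    "1713520000.1\t10.0.0.5\tupdate.microsoft.com\tA\t203.0.113.1",
    "1713520010.2\t10.0.0.5\trights-mountains.gl.at.ply.gg\tA\t203.0.113.18",
    "1713520020.3\t10.0.0.7\tcalm-sky.gl.at.ply.gg\tA\t203.0.113.19",
]
SAMPLE_CONN = [
    "1713520011.0\t10.0.0.5\t203.0.113.18\t23403\ttcp",  # host that resolved the C2 name
    "1713520012.0\t10.0.0.5\t203.0.113.1\t443\ttcp",
    "1713520021.0\t10.0.0.7\t203.0.113.19\t23403\ttcp",  # another tunnel host, same port
]
SAMPLE_HASHES = [  # "sha256  path", as sha256sum prints it
    "7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4  C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  C:\\Users\\u\\empty.txt",
]


def c2_resolutions(iocs: Iocs, dns_lines: list[str]) -> dict[str, set[str]]:
    """Map each source host that resolved the C2 name to the answers it received."""
    hits: dict[str, set[str]] = {}
    for line in dns_lines:
        _ts, src, query, _qtype, answer = line.split("\t")
        if query.lower() == iocs.c2_host:
            hits.setdefault(src, set()).add(answer)
    return hits


def match_c2_connections(iocs: Iocs, dns_lines: list[str], conn_lines: list[str]) -> list[str]:
    """Flag a connection only when the same host resolved the C2 name to that IP
    and then connected on the configured port, so other tenants of the shared
    tunnel address are not flagged."""
    resolved = c2_resolutions(iocs, dns_lines)
    flagged = []
    for line in conn_lines:
        _ts, src, dst, port, _proto = line.split("\t")
        if int(port) == iocs.c2_port and dst in resolved.get(src, set()):
            flagged.append(line)
    return flagged


def tunnel_lookups(dns_lines: list[str]) -> set[str]:
    """Broader hunt: every *.ply.gg name queried, for triage rather than blocking."""
    names = set()
    for line in dns_lines:
        query = line.split("\t")[2].lower()
        if query.endswith(TUNNEL_SUFFIX):
            names.add(query)
    return names


def match_hashes(iocs: Iocs, hash_lines: list[str]) -> list[str]:
    """Return paths whose SHA256 matches a hash from the report."""
    return [line.split("  ", 1)[1] for line in hash_lines
            if line.split("  ", 1)[0].lower() in iocs.sha256]


if __name__ == "__main__":
    iocs = parse_config(BOTNET_FIELD, C2_FIELD, REPORT_SHA256)
    print(iocs)
    print(match_c2_connections(iocs, SAMPLE_DNS, SAMPLE_CONN))
    print(tunnel_lookups(SAMPLE_DNS))
    print(match_hashes(iocs, SAMPLE_HASHES))
```

The correlation step is the point: with a tunnelling service in front of the C2, the IP in the connection log is not by itself evidence, so the match requires the DNS resolution from the same client first. The tunnel_lookups set is kept separate because legitimate ply.gg traffic exists and it should drive triage, not an automatic block.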

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             Technique               Matches  ID
  Credential Access  Unsecured Credentials   2        T1552
  Credential Access  Credentials In Files    2        T1552.001
  Discovery          Query Registry          1        T1012
  Collection         Data from Local System  2        T1005

Tasks