General

  • Target

    5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520

  • Size

    43KB

  • Sample

    240419-wcg9kabh21

  • MD5

    89d11cbbe2c3068e757b06a893c14d86

  • SHA1

    196e5b58a74b1993134a8a56c8a654516aab043a

  • SHA256

    5c6d2425943bd5439503af83b3337e6253994776d91c4ed4bd572266971f3520

  • SHA512

    b84b18485d1bb6dbbc56e3c2044ff42dfdc13046cc40770e2370c46879e5716d1e80d4c04bb7a2b47b230d096d44cac61c7f3db55f50733861a2be2ed758b486

  • SSDEEP

    768:vQ1kP0/FT6cByEYa129SzH00zUe8BUjEx6/icO2rKDP8OyL5ANu5AEKO55o43xd6:veF2cBydrSrwTDIXiNu7555xdnbvC/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    XenLogs

  • C2

    45.77.240.40:25887

Targets

    • Target

      1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248.exe

    • Size

      95KB

    • MD5

      9ed248a55397b97d052a432e3799578c

    • SHA1

      147e67e09d8724d4a8e09e889f6a03aafc947487

    • SHA256

      1947626a9da397ee1e3a537ed7b266d31531ad3d27eaf63c6b607db359788248

    • SHA512

      eb9d97f6c859c0d0f60e1ba0fda85893d2c00ec3f9d5a607e0e33e07aede1e624c1a92eff6fc4a0ed67d1b120a90482115a56694011dfac3ad9287c9bb479a68

    • SSDEEP

      1536:5qs+bqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2CtmulgS6p8l:XIwiYj+zi0ZbYe1g0ujyzdm8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Matrix

Tasks