General
-
Target
D1AF2776A0515FA6DE91ACB0A442048D.exe
-
Size
96KB
-
Sample
240514-tqsaksea6x
-
MD5
d1af2776a0515fa6de91acb0a442048d
-
SHA1
78c76b53352d5eb9f2761d19a3063b203d369bad
-
SHA256
972d6d5273ea9f4615e77d13fed4c51edd7ecc263112f1ce90f8847199b5a248
-
SHA512
b96feea2fff7f32fe3ed27c55b414bd56a56a680e2f056c8ababa278e753de680eb17ce509c1665de8477b07499ecdf0671bb36dd6515df130d1d32c0982ab5c
-
SSDEEP
1536:DqsqmqnflbG6jejoigIi43Ywzi0Zb78ivombfexv0ujXyyed2CtQulgS6pE:xxw9Yi+zi0ZbYe1g0ujyzdGE
Malware Config
Extracted
redline
cheat
91.92.249.99:13359
Targets
-
-
Target
D1AF2776A0515FA6DE91ACB0A442048D.exe
-
Size
96KB
-
MD5
d1af2776a0515fa6de91acb0a442048d
-
SHA1
78c76b53352d5eb9f2761d19a3063b203d369bad
-
SHA256
972d6d5273ea9f4615e77d13fed4c51edd7ecc263112f1ce90f8847199b5a248
-
SHA512
b96feea2fff7f32fe3ed27c55b414bd56a56a680e2f056c8ababa278e753de680eb17ce509c1665de8477b07499ecdf0671bb36dd6515df130d1d32c0982ab5c
-
SSDEEP
1536:DqsqmqnflbG6jejoigIi43Ywzi0Zb78ivombfexv0ujXyyed2CtQulgS6pE:xxw9Yi+zi0ZbYe1g0ujyzdGE
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-