Overview

overview

10

Static

static

3

3bd982f82a...f4.exe

windows10-1703-x64

10

3bd982f82a...f4.exe

windows10-2004-x64

10

3bd982f82a...f4.exe

windows11-21h2-x64

10

Resubmissions

29/05/2024, 19:19

240529-x1mdvsff69 10

29/05/2024, 15:30

240529-sxgxrabc59 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe

  • Size

    523KB

  • Sample

    240529-x1mdvsff69

  • MD5

    e336cd749eb4e599192906f8d61d0bb2

  • SHA1

    6d431812efb3c52e0bdd44d2602bca486eacc451

  • SHA256

    3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4

  • SHA512

    8e18ce1501dbf77ca2af6cf6d7c0813501b2e94c61e859878370e872c93b79d7019430391b4916296e7f62079d2408a37ff0cdab0260d67b437eb88310d1fb84

  • SSDEEP

    12288:5cO61A772/5RMH4Gj63oiwKeWq6GXiS+qdYYn86v:U+XQRMYGSFFq6G53nv

Score
10/10
redlinesectopratxxlinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

xxl

C2

2.56.59.101:17559

Targets

    • Target

      3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4.exe

    • Size

      523KB

    • MD5

      e336cd749eb4e599192906f8d61d0bb2

    • SHA1

      6d431812efb3c52e0bdd44d2602bca486eacc451

    • SHA256

      3bd982f82a1b2f074b02fe7cc7413f1e083f19108ae2612b2b5a741a9858f7f4

    • SHA512

      8e18ce1501dbf77ca2af6cf6d7c0813501b2e94c61e859878370e872c93b79d7019430391b4916296e7f62079d2408a37ff0cdab0260d67b437eb88310d1fb84

    • SSDEEP

      12288:5cO61A772/5RMH4Gj63oiwKeWq6GXiS+qdYYn86v:U+XQRMYGSFFq6G53nv

    Score
    10/10
    redlinesectopratxxlinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks