Overview

overview

10

Static

static

3

3d41c549e3...f5.exe

windows7-x64

10

3d41c549e3...f5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ec07b8e03c6decbd6a69fd6205134cc.bin

  • Size

    59KB

  • Sample

    240628-c5ppkazblm

  • MD5

    e3963e4376a3b317076970ce9de61898

  • SHA1

    d319a24c3b67ceb50505bfcb48ea3935e0b9af97

  • SHA256

    b7c1ffe1755532836fbe294aeac5ce8849706ef18ee00438ea697094f7155c03

  • SHA512

    1a249506f02d1afaa823332420f62580353504fc7ee3e05dc7ba94982462932cdf84350c64b1241540b668ccd90389f03e2ff5087d1bb26d5e73ac0704a51a3e

  • SSDEEP

    1536:4n3hNNlp/y/773vf9r6N2V3GOUNeGsJdbPDtKlm:4n3rHp/I5eNQ3GOUNZW8lm

Score
10/10
redlinesectoprattstinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

tst

C2

194.55.186.87:4483

Targets

    • Target

      3d41c549e3605066d3308fe88c6c4674840a2fae493f53ccd777f4c40744caf5.exe

    • Size

      137KB

    • MD5

      4ec07b8e03c6decbd6a69fd6205134cc

    • SHA1

      d7e39255e93b6b45e71accf53ae063973d317c79

    • SHA256

      3d41c549e3605066d3308fe88c6c4674840a2fae493f53ccd777f4c40744caf5

    • SHA512

      ecd9cb4b3ed871d31055d6670b9c7729c43f14015a310365de4b57493a56f8eaed290a74b01b81687747a3348da39c786783260076dbe4c43ec3d87cd18ba6e6

    • SSDEEP

      3072:bzWhTc8VndpIVANtDI0wMuedstt+R1ATIiQKRMs6x:byhTc8TpIVANtnwMuedTHAbRM

    Score
    10/10
    redlinesectoprattstinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks