General
-
Target
a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8.exe
-
Size
95KB
-
Sample
240706-kxa57staql
-
MD5
edc8c4834d73ffd820e9ef6fb7dffcbb
-
SHA1
40b96d9c6884cbc72af79d6ed29b0a66ceabeeb3
-
SHA256
a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8
-
SHA512
c365eebc8fed51697f6863725a82b49d900201f86d59eefd163e79f837436548ceb69bf0f60d1c636589f33c9373492b8dfe8a21b17ede5bd554317e2ec60e22
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2m3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdAY
Malware Config
Extracted
redline
cheat
161.129.65.145:4483
Targets
-
-
Target
a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8.exe
-
Size
95KB
-
MD5
edc8c4834d73ffd820e9ef6fb7dffcbb
-
SHA1
40b96d9c6884cbc72af79d6ed29b0a66ceabeeb3
-
SHA256
a0aae683ab5377405fe6e2df78c2fd51cddb0cfec0c8bf6cca240dd518ed8dc8
-
SHA512
c365eebc8fed51697f6863725a82b49d900201f86d59eefd163e79f837436548ceb69bf0f60d1c636589f33c9373492b8dfe8a21b17ede5bd554317e2ec60e22
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2m3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdAY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-