Overview

overview

10

Static

static

3

326c915977...18.exe

windows7-x64

10

326c915977...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    326c915977a42370e806178161e060b4_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240709-3gg8pasdql

  • MD5

    326c915977a42370e806178161e060b4

  • SHA1

    140bf2bcbc2845f65674fab1e29407da5b869bf8

  • SHA256

    e7dfb670bb6407f251b3e83ffd83332184fa12f47ead9a5cad529adb88f835d9

  • SHA512

    fb392af38f76c9da3352afc4034eb1233ce9ee8e81f49899f12e4d1860f016a9df5fc3d8c98bf68e6624220da32025d5d6265836eed1e6bed111931f89d7b20d

  • SSDEEP

    49152:iZLAulCktXMNVWczmH5F1/ryMW4qxvaeX:MCktozm1rNW4qxva

Score
10/10
redlinesectoprat@hmmmm2224evasioninfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

@hmmmm2224

C2

185.213.209.36:36533

Targets

    • Target

      326c915977a42370e806178161e060b4_JaffaCakes118

    • Size

      1.5MB

    • MD5

      326c915977a42370e806178161e060b4

    • SHA1

      140bf2bcbc2845f65674fab1e29407da5b869bf8

    • SHA256

      e7dfb670bb6407f251b3e83ffd83332184fa12f47ead9a5cad529adb88f835d9

    • SHA512

      fb392af38f76c9da3352afc4034eb1233ce9ee8e81f49899f12e4d1860f016a9df5fc3d8c98bf68e6624220da32025d5d6265836eed1e6bed111931f89d7b20d

    • SSDEEP

      49152:iZLAulCktXMNVWczmH5F1/ryMW4qxvaeX:MCktozm1rNW4qxva

    Score
    10/10
    redlinesectoprat@hmmmm2224evasioninfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks