Overview

overview

10

Static

static

3

PRODUCT_LIST.exe

windows7-x64

10

PRODUCT_LIST.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PRODUCT_LIST.tar

  • Size

    2.6MB

  • Sample

    240711-g21pwashkl

  • MD5

    2a7a8a955130091852820616eda3de0a

  • SHA1

    cfd2452b77c9604fb86311b6100747ddae8aba2c

  • SHA256

    e84e611d0f9a6df97be139a441314d098a177fe6a1ed736abc2b80fb33cc372c

  • SHA512

    062bc5921f46f6c1858a85bf3b0d00eb9d80dc03d09c8f48cc01c613cf792bb337afaffddc183af3d16cab3b8430665198fb8b5e5e607fe4a27958371d8aac30

  • SSDEEP

    12288:TZvl4rkRkOuZ8opZz/mYCGG301f19Q8AypNpobtrlp:S2k3V001lAypNy

Score
10/10
redlinesectopratcetrydiscoveryinfostealerratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

cetry

C2

204.14.75.2:16383

Targets

    • Target

      PRODUCT_LIST.exe

    • Size

      2.6MB

    • MD5

      084f6a5b75fd76808d1099394ca45c3e

    • SHA1

      abf381b6ea5bd403aa9a873fb04698000d5061d9

    • SHA256

      4a6276e3136c7a49fe5046b78966ad785e052c4266c4dd0b68cf9937e9b5777f

    • SHA512

      6464afc06b47246fba6b83c60112da233f19f9468b73b7db1d901b45f2c7cc9337d7701fc910b5fac746055e38afc19fc8d184ad1f59ad45953f1f196c8926cb

    • SSDEEP

      12288:pZvl4rkRkOuZ8opZz/mYCGG301f19Q8AypNpobtrlp8:o2k3V001lAypNyi

    Score
    10/10
    redlinesectopratcetryinfostealerratspywaretrojandiscoverystealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks