redline

General

Target

c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0_payload.exe
Size

95KB
Sample

240715-3qj4msxfrd
MD5

517c949f1f22d780b8a2d4efb4ac92ac
SHA1

aff8a87b61eac55358ef51d5954f38a0edea1798
SHA256

fdf7c12f0a27c062abdc5d39b606c2253b393633183f88d546bf6678c4ef27dd
SHA512

8a12a3e09a4c0bfb4004244f0156a8b9fd865d7bc72841599a1a5154d50039e23c6039d5e507b05ecb313d04297db5106fc4d7fc41f7bef883b345eb4b358d5d
SSDEEP

1536:5qsCOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2YteulgS6p8l:X1uOYj+zi0ZbYe1g0ujyzd48

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

unk777

C2

159.203.177.31:16383

Targets

- Target
  
  c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0_payload.exe
- Size
  
  95KB
- MD5
  
  517c949f1f22d780b8a2d4efb4ac92ac
- SHA1
  
  aff8a87b61eac55358ef51d5954f38a0edea1798
- SHA256
  
  fdf7c12f0a27c062abdc5d39b606c2253b393633183f88d546bf6678c4ef27dd
- SHA512
  
  8a12a3e09a4c0bfb4004244f0156a8b9fd865d7bc72841599a1a5154d50039e23c6039d5e507b05ecb313d04297db5106fc4d7fc41f7bef883b345eb4b358d5d
- SSDEEP
  
  1536:5qsCOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2YteulgS6p8l:X1uOYj+zi0ZbYe1g0ujyzd48
Score

10^/10

redline sectoprat unk777 discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

SectopRAT

SectopRAT payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2