Overview

overview

10

Static

static

3

c5ad319799...d0.exe

windows7-x64

10

c5ad319799...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0.exe

  • Size

    1.9MB

  • Sample

    240716-yerxwsxamp

  • MD5

    03c597ac6fae7130833e04e289c1a707

  • SHA1

    d0b60497f4b5143b81947c630654fb4cce438f4b

  • SHA256

    c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0

  • SHA512

    6e962c318afc6c4b48b964dd6af4e64cea6d0f2f7f44b2d90ef573f8b5070261c00f3c27821512bf0fc55b98438abeb3ed30b8c7e2f072c8dc90eaf8a49ab928

  • SSDEEP

    12288:6eRkAGag6meBQRgsPNFN8+uBdjyAPDHVtrM82QYm:6GPsTNydWgDVtrj

Score
10/10
redlinesectopratunk777infostealerratspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

unk777

C2

159.203.177.31:16383

Targets

    • Target

      c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0.exe

    • Size

      1.9MB

    • MD5

      03c597ac6fae7130833e04e289c1a707

    • SHA1

      d0b60497f4b5143b81947c630654fb4cce438f4b

    • SHA256

      c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0

    • SHA512

      6e962c318afc6c4b48b964dd6af4e64cea6d0f2f7f44b2d90ef573f8b5070261c00f3c27821512bf0fc55b98438abeb3ed30b8c7e2f072c8dc90eaf8a49ab928

    • SSDEEP

      12288:6eRkAGag6meBQRgsPNFN8+uBdjyAPDHVtrM82QYm:6GPsTNydWgDVtrj

    Score
    10/10
    redlinesectopratunk777infostealerratspywaretrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks