Overview

overview

10

Static

static

3

c5ad319799...d0.exe

windows7-x64

10

c5ad319799...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03c597ac6fae7130833e04e289c1a707.bin

  • Size

    448KB

  • Sample

    240717-bcvvfa1gmc

  • MD5

    c418a669417314413e11af7a27f27f21

  • SHA1

    0cb70ff172a5ca531e4db7356a67469bea861055

  • SHA256

    ea685e4847023412aa4b45b1b849483d0f3635cac9b448d05e8970df7d7aaa33

  • SHA512

    820887cdd98b41c942865166c3c9885d4304fb02c276da9cef2cded8bb68f3d42fbe9018ecd650d785b9e5cc608ead90b5af6e6ab4bb2781128e8b5173e2dbd6

  • SSDEEP

    12288:9GpS8GnDk8wwyQGRWvZw8KzflL1yxmJr1Q+n2fb:9GqZwwydWvZw8eft1+mHQ+ngb

Score
10/10
redlinesectopratunk777discoveryinfostealerratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

unk777

C2

159.203.177.31:16383

Targets

    • Target

      c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0.exe

    • Size

      1.9MB

    • MD5

      03c597ac6fae7130833e04e289c1a707

    • SHA1

      d0b60497f4b5143b81947c630654fb4cce438f4b

    • SHA256

      c5ad319799d36151e0d328dc73736af67d2ea201bb57c39573cffabf9e2792d0

    • SHA512

      6e962c318afc6c4b48b964dd6af4e64cea6d0f2f7f44b2d90ef573f8b5070261c00f3c27821512bf0fc55b98438abeb3ed30b8c7e2f072c8dc90eaf8a49ab928

    • SSDEEP

      12288:6eRkAGag6meBQRgsPNFN8+uBdjyAPDHVtrM82QYm:6GPsTNydWgDVtrj

    Score
    10/10
    redlinesectopratunk777discoveryinfostealerratspywarestealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks