General

  • Target: 13B9619F45569BC734D79CF8A412AD08.exe
  • Size: 95KB
  • Sample: 240717-s7l98a1bje
  • MD5: 13b9619f45569bc734d79cf8a412ad08
  • SHA1: 8e8894286ff8bacc85bb8cc53a258d8753208011
  • SHA256: 537a5c269f9e9f5800a0b21d17d07a23bf81dcd90abe8145892820baf6d5f502
  • SHA512: 3f537deb8d93e73fe6c4f5c714b3a408c374e49a2f7d9772edd60aa15234491fb43280306d9e052e092cc0c88a77edb402fa64ad324e0ea9caddc49328cad2e3
  • SSDEEP: 1536:5qsCOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2vteulgS6p8l:X1uOYj+zi0ZbYe1g0ujyzdL8

Malware Config

Extracted

  • Family: redline
  • Botnet: 10 aad
  • C2: 172.245.106.43:28053

Targets

    • Target: 13B9619F45569BC734D79CF8A412AD08.exe
    • Size: 95KB
    • MD5: 13b9619f45569bc734d79cf8a412ad08
    • SHA1: 8e8894286ff8bacc85bb8cc53a258d8753208011
    • SHA256: 537a5c269f9e9f5800a0b21d17d07a23bf81dcd90abe8145892820baf6d5f502
    • SHA512: 3f537deb8d93e73fe6c4f5c714b3a408c374e49a2f7d9772edd60aa15234491fb43280306d9e052e092cc0c88a77edb402fa64ad324e0ea9caddc49328cad2e3
    • SSDEEP: 1536:5qsCOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2vteulgS6p8l:X1uOYj+zi0ZbYe1g0ujyzdL8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks