Overview

overview

10

Static

static

5

45546f324e...fa.exe

windows7-x64

10

45546f324e...fa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa.exe

  • Size

    963KB

  • Sample

    240717-w2e6hawfpa

  • MD5

    1cc7ec4c91b811c75bb9621120b95dd4

  • SHA1

    214a6276da8f2ead192d1cb28cf6afd514752eec

  • SHA256

    45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa

  • SHA512

    af62907155401baa25eb4bfd793ac8cdca1eeb16e030c3c1eb9418b6e1abbea4438c8beea5579e8130b4a4277cad06263a52d080e8e7cc8b9c4221c94fa9d8f0

  • SSDEEP

    24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaHfbSH5:dh+ZkldoPK8YaHf2

Score
10/10
redlinesectopratwindowsinfostealerratspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

Windows

C2

95.211.6.240:57887

Targets

    • Target

      45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa.exe

    • Size

      963KB

    • MD5

      1cc7ec4c91b811c75bb9621120b95dd4

    • SHA1

      214a6276da8f2ead192d1cb28cf6afd514752eec

    • SHA256

      45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa

    • SHA512

      af62907155401baa25eb4bfd793ac8cdca1eeb16e030c3c1eb9418b6e1abbea4438c8beea5579e8130b4a4277cad06263a52d080e8e7cc8b9c4221c94fa9d8f0

    • SSDEEP

      24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaHfbSH5:dh+ZkldoPK8YaHf2

    Score
    10/10
    redlinesectopratwindowsinfostealerratspywaretrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks