redline

General

Target

1cc7ec4c91b811c75bb9621120b95dd4.bin
Size

542KB
Sample

240718-by2vwasdjc
MD5

5902c7d46160eca40f72b04e63d6952f
SHA1

95eef1c4646e7a77af725e007488760bceccd749
SHA256

b250fb4824c4ebf1071d947e78852446e431b5eb0a74d9406237a7b9e81972b5
SHA512

fc5953d8605be042752caf12da5384a24254f9100f39c8f1e65c16217c0db6e8aa1cdff2aaf39172ab4540173f33430eae816ab96828ee22ff59cc25995c2412
SSDEEP

12288:bMCSHQZklKaR7uxfx5G5lgwgvX3UbnkZlz/WE5VHyuLDe+gSwQyeU5hfSojDC:AQZkluxfe5uzHUAZMcV7umZCfS9

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

Windows

C2

95.211.6.240:57887

Targets

- Target
  
  45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa.exe
- Size
  
  963KB
- MD5
  
  1cc7ec4c91b811c75bb9621120b95dd4
- SHA1
  
  214a6276da8f2ead192d1cb28cf6afd514752eec
- SHA256
  
  45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa
- SHA512
  
  af62907155401baa25eb4bfd793ac8cdca1eeb16e030c3c1eb9418b6e1abbea4438c8beea5579e8130b4a4277cad06263a52d080e8e7cc8b9c4221c94fa9d8f0
- SSDEEP
  
  24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaHfbSH5:dh+ZkldoPK8YaHf2
Score

10^/10

redline sectoprat windows infostealer rat spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

SectopRAT

SectopRAT payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2