General

  • Target

    108ed5c2d37d6359c1d8555704909549.exe

  • Size

    95KB

  • Sample

    240723-19myjasbkk

  • MD5

    108ed5c2d37d6359c1d8555704909549

  • SHA1

    9077f7c1102d4100290c07375664342e68c23062

  • SHA256

    e31e99244723c02b62ca36dffbafe607087955b69ea1b07b273ea1040072e2a3

  • SHA512

    37a64216ac27b728f2d6937acb58446f1405cb34d5a47c3a7dffac69a52853a2937e6873b9b117de24d66a1fa2a58d6677616332901f6d538dc748334fb17f39

  • SSDEEP

    1536:xqsIjlqzWlbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2mteulgS6pk:f0UeYr+zi0ZbYe1g0ujyzdOk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Run

  • C2

    89.105.219.86:39931

Targets

    • Target

      108ed5c2d37d6359c1d8555704909549.exe

    • Size

      95KB

    • MD5

      108ed5c2d37d6359c1d8555704909549

    • SHA1

      9077f7c1102d4100290c07375664342e68c23062

    • SHA256

      e31e99244723c02b62ca36dffbafe607087955b69ea1b07b273ea1040072e2a3

    • SHA512

      37a64216ac27b728f2d6937acb58446f1405cb34d5a47c3a7dffac69a52853a2937e6873b9b117de24d66a1fa2a58d6677616332901f6d538dc748334fb17f39

    • SSDEEP

      1536:xqsIjlqzWlbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2mteulgS6pk:f0UeYr+zi0ZbYe1g0ujyzdOk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other sensitive account data.

    • Accesses cryptocurrency wallet files (possible credential harvesting)

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
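The IOCs above (file hashes, the C2 endpoint) and the Uninstall-key lookup are what an analyst would pivot on in endpoint telemetry. The following is an added example, not part of the sandbox report: a small matcher that takes those IOCs and scans process-creation, network and registry events. The event records are constructed sample data with assumed Sysmon-like field names (`image`, `hashes`, `dst_ip`, `dst_port`, `key`), not a real log format; the hash and C2 values are copied from the report.

```python
"""Match this report's IOCs against constructed endpoint telemetry.

Added example (not the sandbox's or the malware author's code). Field names
of the event records are assumptions modelled loosely on Sysmon; the events
themselves are constructed sample data.
"""
import ipaddress

# IOCs copied from the report above.
SAMPLE_HASHES = {
    "md5": "108ed5c2d37d6359c1d8555704909549",
    "sha1": "9077f7c1102d4100290c07375664342e68c23062",
    "sha256": "e31e99244723c02b62ca36dffbafe607087955b69ea1b07b273ea1040072e2a3",
}
C2_ENDPOINTS = {("89.105.219.86", 39931)}

# Registry path behind the "Checks installed software" signature.
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

SAMPLE_EXE = r"C:\Users\u\Downloads\108ed5c2d37d6359c1d8555704909549.exe"

# Constructed sample events (assumed field names). Hashes are deliberately
# upper-case, as some sensors emit them, to show the matcher normalises case.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": SAMPLE_EXE,
     "hashes": "MD5=" + SAMPLE_HASHES["md5"].upper()
               + ",SHA256=" + SAMPLE_HASHES["sha256"].upper()},
    {"type": "network_connect", "image": SAMPLE_EXE,
     "dst_ip": "89.105.219.86", "dst_port": 39931},
    {"type": "network_connect", "image": r"C:\Program Files\Browser\browser.exe",
     "dst_ip": "89.105.219.86", "dst_port": 443},
    {"type": "registry_query", "image": SAMPLE_EXE,
     "key": UNINSTALL_KEY + r"\{11111111-2222-3333-4444-555555555555}"},
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "hashes": "MD5=00000000000000000000000000000000"},
]


def parse_hashes(field):
    """Turn 'MD5=..,SHA256=..' into a {algorithm: lowercase hex} dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(event):
    """Return the list of reasons this event matches a report IOC (empty if none)."""
    reasons = []
    if event["type"] == "process_create":
        seen = parse_hashes(event.get("hashes", ""))
        for algo, value in SAMPLE_HASHES.items():
            if seen.get(algo) == value:
                reasons.append(f"{algo} matches RedLine sample")
    elif event["type"] == "network_connect":
        ip = str(ipaddress.ip_address(event["dst_ip"]))  # normalises the address
        port = int(event["dst_port"])
        if (ip, port) in C2_ENDPOINTS:
            reasons.append(f"connection to RedLine C2 {ip}:{port}")
        elif any(ip == c2_ip for c2_ip, _ in C2_ENDPOINTS):
            # Same host, different port: a weaker lead, still worth triage.
            reasons.append(f"connection to C2 host {ip} on non-C2 port {port}")
    elif event["type"] == "registry_query":
        if event["key"].lower().startswith(UNINSTALL_KEY.lower()):
            reasons.append("enumerates installed software via Uninstall key")
    return reasons


def scan(events):
    """Return (index, reasons) for every event that matched at least one IOC."""
    hits = []
    for i, ev in enumerate(events):
        reasons = match_event(ev)
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["image"], "->", "; ".join(reasons))
```

Only the hash match and the exact `ip:port` pair are high-confidence; the Uninstall-key read is ordinary for installers and inventory agents and the same-host/other-port connection is only a lead, so in practice both should be gated on the originating process or combined with the stronger indicators rather than alerted on alone.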

MITRE ATT&CK Enterprise v15

Tasks