redline | 5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53 | Triage

Submit
Reports

Overview

overview

Static

static

3

5b3882062a...53.exe

windows7-x64

5b3882062a...53.exe

windows10-2004-x64

Sharing

General

Target

5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe
Size

1.9MB
Sample

240723-t27jmsyhjn
MD5

2d0c898afee38cddf990ab602c32ed57
SHA1

7c5ed28545009035b55b18ee5844f34f5c3d30e1
SHA256

5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53
SHA512

9334c818d19090909e85e0390f5869e4dba32e4e4a5a3885d5fc2110fb1252423bc2a632391489e3ccc45c9932ddcd956e23c13e5bd0f99b3ff842d67decbb5e
SSDEEP

49152:F2u/BMdg532rpsjCMqigjns2+a95PlpiH9MzMrcgt4hvN3iBO:arpEZIIBO

Score

10^/10

redline sectoprat lovato credential_access discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe

Resource

win7-20240704-en

redline sectoprat lovato credential_access discovery infostealer rat spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe

Resource

win10v2004-20240709-en

redline sectoprat lovato credential_access discovery infostealer rat spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

lovato

C2

57.128.132.216:55123

Targets

- Target
  
  5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe
- Size
  
  1.9MB
- MD5
  
  2d0c898afee38cddf990ab602c32ed57
- SHA1
  
  7c5ed28545009035b55b18ee5844f34f5c3d30e1
- SHA256
  
  5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53
- SHA512
  
  9334c818d19090909e85e0390f5869e4dba32e4e4a5a3885d5fc2110fb1252423bc2a632391489e3ccc45c9932ddcd956e23c13e5bd0f99b3ff842d67decbb5e
- SSDEEP
  
  49152:F2u/BMdg532rpsjCMqigjns2+a95PlpiH9MzMrcgt4hvN3iBO:arpEZIIBO
Score

10^/10

redline sectoprat lovato credential_access discovery infostealer rat spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesectopratlovatocredential_accessdiscoveryinfostealerratspywarestealertrojan

behavioral2

redlinesectopratlovatocredential_accessdiscoveryinfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy