General

  • Target

    minecraftcheat.exe

  • Size

    5.0MB

  • Sample

    240727-nmktfazgja

  • MD5

    64fafd3369956375e0ac1c9ef85c2002

  • SHA1

    c53f2f752edaeb5453d73aaf89b6fed216d6cfb6

  • SHA256

    6cd6ec0104f52d232dfe5c59b00e87d24490a7774e154233d467b8887616d1a6

  • SHA512

    344328457469fc29e8a8af21027becc146c1407e39f62475b62760a7411135c953362fded218507845277909a20d1774d224245797166a8f19dffced2a8c800a

  • SSDEEP

    1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed233tmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdn8

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

194.55.186.129:26644

Targets

    • Target

      minecraftcheat.exe

    • Size

      5.0MB

    • MD5

      64fafd3369956375e0ac1c9ef85c2002

    • SHA1

      c53f2f752edaeb5453d73aaf89b6fed216d6cfb6

    • SHA256

      6cd6ec0104f52d232dfe5c59b00e87d24490a7774e154233d467b8887616d1a6

    • SHA512

      344328457469fc29e8a8af21027becc146c1407e39f62475b62760a7411135c953362fded218507845277909a20d1774d224245797166a8f19dffced2a8c800a

    • SSDEEP

      1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed233tmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdn8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks