Overview

overview

10

Static

static

3

8f0cdb9b59...a0.exe

windows7-x64

10

8f0cdb9b59...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f0cdb9b59e86f67c486e4321ebccfc9ff06e21c6e1c16757997e13d61bd07a0

  • Size

    523KB

  • Sample

    240731-b8f16azhjq

  • MD5

    0d121fd1abd64936cab41b33585b51c8

  • SHA1

    b68987a86fd07ec4acc085dedd0d84a52f5ed049

  • SHA256

    8f0cdb9b59e86f67c486e4321ebccfc9ff06e21c6e1c16757997e13d61bd07a0

  • SHA512

    a8e3fd12ebba6573a8fe68784e044d7164b3c55e594f375d160ff218e40cb5569bbccd70d8ba9ff52cce62a089ae558e10068ef2541e6321212ce9b57fede24a

  • SSDEEP

    12288:bXzrIlV/MLqrjreSHVaSxKfwVx903IkF7xa0/EMqcJWD:bjr4MerPeSQSxvVxG3IstxqcJ

Score
10/10
redlinesectopratcheatdiscoveryinfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

185.222.57.147:55615

Targets

    • Target

      8f0cdb9b59e86f67c486e4321ebccfc9ff06e21c6e1c16757997e13d61bd07a0

    • Size

      523KB

    • MD5

      0d121fd1abd64936cab41b33585b51c8

    • SHA1

      b68987a86fd07ec4acc085dedd0d84a52f5ed049

    • SHA256

      8f0cdb9b59e86f67c486e4321ebccfc9ff06e21c6e1c16757997e13d61bd07a0

    • SHA512

      a8e3fd12ebba6573a8fe68784e044d7164b3c55e594f375d160ff218e40cb5569bbccd70d8ba9ff52cce62a089ae558e10068ef2541e6321212ce9b57fede24a

    • SSDEEP

      12288:bXzrIlV/MLqrjreSHVaSxKfwVx903IkF7xa0/EMqcJWD:bjr4MerPeSQSxvVxG3IstxqcJ

    Score
    10/10
    redlinesectopratcheatdiscoveryinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks