General

  • Target

    SPECIFICHE TECNICHE PER LA FORNITURA DI ATTREZZATURE.exe

  • Size

    1.9MB

  • Sample

    240801-pkfx5szgnm

  • MD5

    af951609aa80d5de83f9a02db46bd8cc

  • SHA1

    cdac52bb244e70b48d3d414f451bb0b4de1c4f8e

  • SHA256

    fae7035785c175dcad0c51146ce8c55fbf0d9f09380c2a20a52b4bdc67205030

  • SHA512

    bcdf5c251155172f953955c534cee9cacf897bc1c71d78abbe36630b795d50041c65037413aee191e25d29c6a4d5d6bc8640669cbf83def15e368baf8ede3732

  • SSDEEP

    12288:aUANuMn2d0FH5+fZMdgESJ7UP0+F1e9FMRr6A1:lANuMnNF8MevUPPF893A1

Malware Config

Extracted

Family

redline

Botnet

lovato

C2

57.128.132.216:55123

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks