General

  • Target

    build.exe

  • Size

    95KB

  • Sample

    240803-zjp5javcqm

  • MD5

    5f3136130610d1fcf980c1256eafe5d6

  • SHA1

    704d66cdcbd36913a85d979e4f38de7a62e4b500

  • SHA256

    60a40c2c1840c835de64ec8dfb2b25fffc8b6f66106f7a9772f2e40df1132634

  • SHA512

    1e8e2988f10641864b2189a0d6e5c0d756836c1defac64c1c2609268c67a642b8e0e52bf313b1b405deaa1cd2a4cc75d731299b90079e8c0045a3d23a1ea2cf4

  • SSDEEP

    1536:BqsUWqm2lbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed243teulgS6pUl:vXB+Y7+zi0ZbYe1g0ujyzdGU

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

cwel.tecnessino.xyz:38905
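
The extracted config gives a small indicator set worth matching against endpoint telemetry: the file hashes and the RedLine C2 host and port. The block below is an added example, not code from the sandbox report; it takes Sysmon-style events (field names follow Sysmon's schema for EventID 1 process create, 3 network connection and 22 DNS query; the event lines themselves are constructed, not real telemetry) and reports which ones touch those indicators, treating a hostname match on the configured port as the strongest signal.

```python
"""Match the report's extracted IOCs against Sysmon-style events.

Added example; this is not code from the sandbox report. Field names follow
Sysmon's event schema (EventID 1 process create, 3 network connection,
22 DNS query) and the event lines are constructed for this example.
"""
import re
from typing import Dict, List, NamedTuple, Set

# Indicators copied from the report: file hashes, RedLine C2 host and port.
IOCS = {
    "hashes": {
        "md5": {"5f3136130610d1fcf980c1256eafe5d6"},
        "sha1": {"704d66cdcbd36913a85d979e4f38de7a62e4b500"},
        "sha256": {"60a40c2c1840c835de64ec8dfb2b25fffc8b6f66106f7a9772f2e40df1132634"},
    },
    "c2_host": {"cwel.tecnessino.xyz"},
    "c2_port": {38905},
}

# Constructed events, one "Key=Value" line each (not real telemetry).
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\u\\Downloads\\build.exe "
    "Hashes=MD5=5F3136130610D1FCF980C1256EAFE5D6,"
    "SHA256=60A40C2C1840C835DE64EC8DFB2B25FFFC8B6F66106F7A9772F2E40DF1132634",
    "EventID=22 Image=C:\\Users\\u\\Downloads\\build.exe "
    "QueryName=cwel.tecnessino.xyz QueryResults=::ffff:203.0.113.10;",
    "EventID=3 Image=C:\\Users\\u\\Downloads\\build.exe DestinationIp=203.0.113.10 "
    "DestinationHostname=cwel.tecnessino.xyz DestinationPort=38905",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=198.51.100.5 "
    "DestinationHostname=example.org DestinationPort=443",
    "EventID=1 Image=C:\\Windows\\notepad.exe Hashes=SHA256=AAAA",
]


class Hit(NamedTuple):
    event_id: int
    image: str
    ioc_type: str   # "md5", "sha1", "sha256", "c2_host" or "c2_host_port"
    value: str


_KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line: str) -> Dict[str, str]:
    """Split a 'Key=Value Key=Value' line; values contain no spaces here."""
    return dict(_KV_RE.findall(line))


def parse_hashes(field: str) -> Dict[str, str]:
    """Sysmon's Hashes field looks like 'MD5=...,SHA256=...'; lowercase both sides."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.lower()] = digest.lower()
    return out


def host_matches(name: str, hosts: Set[str]) -> bool:
    """Exact match or a subdomain of a listed C2 host."""
    return any(name == h or name.endswith("." + h) for h in hosts)


def match_event(line: str, iocs=IOCS) -> List[Hit]:
    f = parse_kv(line)
    eid = int(f.get("EventID", 0))
    image = f.get("Image", "?")
    hits: List[Hit] = []
    if eid == 1:
        for algo, digest in parse_hashes(f.get("Hashes", "")).items():
            if digest in iocs["hashes"].get(algo, set()):
                hits.append(Hit(eid, image, algo, digest))
    elif eid == 22:
        q = f.get("QueryName", "").lower().rstrip(".")
        if host_matches(q, iocs["c2_host"]):
            hits.append(Hit(eid, image, "c2_host", q))
    elif eid == 3:
        host = f.get("DestinationHostname", "").lower().rstrip(".")
        port = int(f.get("DestinationPort", 0))
        if host_matches(host, iocs["c2_host"]):
            # A hostname hit on the configured port is the strongest signal.
            kind = "c2_host_port" if port in iocs["c2_port"] else "c2_host"
            hits.append(Hit(eid, image, kind, f"{host}:{port}"))
    return hits


def match_events(lines, iocs=IOCS) -> List[Hit]:
    return [h for line in lines for h in match_event(line, iocs)]


if __name__ == "__main__":
    for h in match_events(SAMPLE_EVENTS):
        print(h)
```

Port alone is deliberately not a match criterion: 38905 is an arbitrary high port and would produce noise on its own, so it only upgrades a hostname hit. Subdomains of the C2 host are matched because stealer infrastructure is frequently rotated under one parent domain.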

Targets

    • Target

      build.exe

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Reads user/profile data of web browsers

      Infostealers commonly read the browser's profile directory, where saved logins, cookies and autofill data are stored.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the per-program subkeys under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart, and the same path under HKCU), each of which carries a DisplayName and usually a DisplayVersion.
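
To see what this behaviour yields on a given host, an analyst can rebuild the inventory from an offline registry export rather than from the live machine. The block below is an added example, not code from the sandbox report or from the sample: it parses the text form of a `reg export` of the Uninstall keys and lists the programs an enumerator would collect, skipping SystemComponent entries the way Programs and Features does. The .reg content is constructed for the example (a real export is UTF-16LE with a BOM and must be decoded before parsing), and the key names and GUID in it are placeholders.

```python
"""Rebuild the software inventory that Uninstall-key enumeration yields,
from an exported .reg file. Added example; not code from the sandbox
report or from the sample. SAMPLE_REG is constructed (a real `reg export`
file is UTF-16LE with a BOM and must be decoded first).
"""
import re
from typing import Dict, List, NamedTuple, Union

UNINSTALL_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Constructed export; program names and the GUID are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 23.01 (x64)"
"DisplayVersion"="23.01"
"Publisher"="Igor Pavlov"
"UninstallString"="\"C:\\Program Files\\7-Zip\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example Reader (32-bit)"
"DisplayVersion"="9.8.7"
"Publisher"="Example Corp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB0000000]
"DisplayName"="Security Update for Windows (KB0000000)"
"SystemComponent"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleChat]
"DisplayName"="ExampleChat"
"DisplayVersion"="1.0.9016"
"Publisher"="Example Chat Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]
"UninstallString"="C:\\Windows\\System32\\rundll32.exe"
'''

Value = Union[str, int]


class Program(NamedTuple):
    key: str        # full registry key the entry came from
    name: str       # DisplayName
    version: str    # DisplayVersion, "" if absent
    publisher: str  # Publisher, "" if absent


_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    """.reg string escapes: backslash-backslash and backslash-quote."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw: str) -> Value:
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex(...) blobs are left undecoded; the inventory does not need them


def parse_reg(text: str) -> Dict[str, Dict[str, Value]]:
    """Key path -> {value name: decoded value}. Continuation lines of
    multi-line hex values are not joined; they are not needed here."""
    keys: Dict[str, Dict[str, Value]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _decode(m.group(2))
    return keys


def _under_uninstall(key: str) -> bool:
    k = key.lower()
    return any(k.startswith(root.lower() + "\\") for root in UNINSTALL_KEYS)


def inventory(keys: Dict[str, Dict[str, Value]], include_hidden: bool = False) -> List[Program]:
    """Entries with a DisplayName; SystemComponent=1 entries are hidden from
    Programs and Features and are skipped unless include_hidden is set."""
    progs: List[Program] = []
    for key, vals in keys.items():
        if not _under_uninstall(key) or "DisplayName" not in vals:
            continue
        if not include_hidden and vals.get("SystemComponent") == 1:
            continue
        progs.append(Program(key, str(vals["DisplayName"]),
                             str(vals.get("DisplayVersion", "")),
                             str(vals.get("Publisher", ""))))
    return progs


if __name__ == "__main__":
    for p in inventory(parse_reg(SAMPLE_REG)):
        print(f"{p.name} {p.version} ({p.publisher}) <- {p.key}")
```

All three roots are scanned because 64-bit programs, 32-bit programs and per-user installs land in different keys; an inventory built from HKLM alone misses the per-user entries that a stealer running as the logged-on user does see.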

MITRE ATT&CK Enterprise v15

Tasks